CVE-2025-13942

Critical CVSS: 9.8

A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests.

Vendor

Zyxel

Product

Wx5610-b0 Firmware

CWE

CWE-78

Yayın Tarihi

2026-02-24 03:16:00

Güncelleme

2026-02-25 18:13:10

Source Identifier

security@zyxel.com.tw

KEV Date Added

Kategoriler

CWE-78 Wx5610-b0 Firmware CRITICAL Zyxel 2026

Referanslar

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026

Benzer Kayıtlar

Medium

CVE-2025-11848

A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version throu…

High

CVE-2025-13943

A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware…

High

CVE-2026-1459

A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG362…

Medium

CVE-2025-11847

A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions thro…

Medium

CVE-2025-11846

A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions…

Medium

CVE-2025-11845

A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware ve…