CVE-2025-13942

{"id": "CVE-2025-13942", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@zyxel.com.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-02-24T03:16:00.223", "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026", "tags": ["Vendor Advisory"], "source": "security@zyxel.com.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@zyxel.com.tw", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n UPnP del firmware Zyxel EX3510-B0 versiones hasta la 5.17(ABUP.15.1)C0 podr\u00eda permitir a un atacante en remoto ejecutar comandos del sistema operativo (SO) en un dispositivo afectado mediante el env\u00edo de solicitudes SOAP UPnP especialmente dise\u00f1adas."}], "lastModified": "2026-02-25T18:13:10.563", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wx5610-b0_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B96C5D67-D4B3-460C-8EED-A847F0AF99DB", "versionEndExcluding": "5.18\\(acgj.0.5\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wx5610-b0:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "88909887-E078-4EC5-BA49-2EFCABF1EB1B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:lte3301-plus_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F3EFC9C-25BF-4DE2-82BB-E169C696AB04", "versionEndExcluding": "1.00\\(abqu.9\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:lte3301-plus:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4814D3A1-C0D4-4573-AD77-C2EE7AC11CB4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nebula_lte3301-plus_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54C6D399-871E-4C6D-BCE4-DFCF7D2C6318", "versionEndExcluding": "1.18\\(acca.6\\)v0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nebula_lte3301-plus:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "42297A6A-3E50-4E9E-ABF6-58C77F222DC1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nr7101_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97F44895-CA69-43F3-AE10-32EE7FAE611E", "versionEndExcluding": "1.00\\(abuv.12\\)b2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nr7101:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E4D27B24-9822-432C-8B8B-9546EE32DEC6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nebula_nr7101_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D37106AA-6CFB-4B4F-8D88-94DF2D76E869", "versionEndExcluding": "1.16\\(accc.1\\)v0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nebula_nr7101:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "52096C1F-F73C-413E-9D37-82EFA4703AEC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:dx4510-b0_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC432F5C-8013-4E96-969C-BCFCA11D3883", "versionEndExcluding": "5.17\\(abyl.10.1\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:dx4510-b0:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A0338E1C-2509-4510-8C8D-4BD5AEA47D81"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:dx4510-b1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEA4C738-597E-4BB1-AB7C-8A0343FADFE8", "versionEndExcluding": "5.17\\(abyl.10.1\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:dx4510-b1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C8668990-045A-4DDD-9089-DE0025B69765"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:ee6510-10_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A28F95D9-1258-4A48-90BD-C940AD483932", "versionEndExcluding": "5.19\\(acjq.4.1\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:ee6510-10:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CD4AE46D-E374-4224-9A66-4291B6A10C00"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:emg6726-b10a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7B10052-0ABA-4488-94E6-046C8445977A", "versionEndExcluding": "5.13\\(abnp.8.2\\)c1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:emg6726-b10a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "304D3B33-F7EC-4EB3-B6EF-6BEB2112F9C0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:ex2210-t0_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CEFD711-D838-42EB-B555-FA9AA012BF50", "versionEndExcluding": "5.50\\(acdi.2.4\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:ex2210-t0:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A71E4E6F-357E-4DAA-B7D7-7CF44000F0CF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:ex3510-b0_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4338AEC-15AE-44F5-B9CF-743E9CF57014", "versionEndExcluding": "5.17\\(abup.15.2\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:ex3510-b0:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E0455EC5-B783-4CDB-9DC0-D8EF377A5F2C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:ex3510-b1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67391540-C81F-4404-8F2F-038DCD719E15", "versionEndExcluding": "5.17\\(abup.15.2\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:ex3510-b1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3F955BD9-4D44-46BE-8605-51C6250A74D9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:ex5510-b0_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB37D43B-9E31-4C30-9C8D-C851DB9ED61E", "versionEndExcluding": "5.17\\(abqx.11.1\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:ex5510-b0:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E82D41CC-2EB3-4892-8383-FB2C9EC64D9E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:ex5512-t0_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CDAF378-B521-4C2C-A2BE-4B6F5E80E00C", "versionEndExcluding": "5.70\\(aceg.5.4\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:ex5512-t0:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F32FA3FB-CE89-4CC1-9D8D-765B90A122DF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:ex7710-b0_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0453035D-D806-426F-BA39-A640AF4061BC", "versionEndExcluding": "5.18\\(acak.1.6\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:ex7710-b0:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "07727D9C-723B-4761-B6B6-07FE1784D3C1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vmg4927-b50a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FABB6F2-114B-4732-A4C7-467E99B1ADF5", "versionEndExcluding": "5.13\\(ably.10.2\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vmg4927-b50a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C0EE70D2-51BB-4E45-8995-655C1394C440"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:px3321-t1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68683D4E-65E9-4BD0-B9FD-9593170BF6C3", "versionEndExcluding": "5.44\\(acjb.1.5\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:px3321-t1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3BB525DE-2E08-4848-976E-7DF6C7E19578"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:px3321-t1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F751BEB-1A49-4124-B45B-3730AA448CDE", "versionEndExcluding": "5.44\\(achk.3\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:px3321-t1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3BB525DE-2E08-4848-976E-7DF6C7E19578"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:px5301-t0_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01B59D2A-6414-4672-A695-744A829416B5", "versionEndExcluding": "5.44\\(ackb.0.6\\)c0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:px5301-t0:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7EBB4C27-DAEB-4297-98DC-3B22353B5184"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@zyxel.com.tw"}