CVE-2025-13942 | A command injection vulnerability in the UPnP function of th… | CVSS 9.8 CRITICAL

Description

A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests.

Metadata

CVE ID: CVE-2025-13942
State: PUBLISHED
Assigner: Zyxel
Reserved: 2025-12-03 05:28 UTC
Published: 2026-02-24 02:32 UTC
Last updated: 2026-02-26 14:44 UTC
Primary CWE: CWE-78
CWE-78 Improper Neutralization of Special Elements used in a…
Vendor / Product: Zyxel / EX3510-B0 firmware
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Zyxel	EX3510-B0 firmware	—	<= 5.17(ABUP.15.1)C0

Weakness (CWE)

CWE	Source	Description
CWE-78	cna	CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (1)

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026