Zyxel Firmware Vulnerabilities
Recent firmware updates have been released to address critical vulnerabilities in Zyxel networking devices. These include various models such as 4G LTE/5G NR CPEs, DSL/Ethernet CPEs, Fiber ONTs, Security Routers, and Wireless Extenders. The vulnerabilities allow for remote command injection and denial-of-service (DoS) attacks, posing significant security risks.
Details of the Discovered Vulnerabilities
Seven distinct vulnerabilities have been identified by researchers Tiantai Zhang, Víctor Fresco, and Watchful IP. The most severe flaw is an unauthenticated command injection vulnerability, which, along with other post-authentication risks and null pointer dereferences, threatens device integrity. Remote command execution can be achieved without user authentication, particularly through a flaw labeled CVE-2025-13942, which has a critical CVSS score of 9.8.
This vulnerability allows attackers to take full control of a device’s operating system by sending specially crafted UPnP requests. Although WAN access is restricted by default, this does not entirely mitigate the threat.
Analysis and Vulnerability Impact
The vulnerabilities include the following: CVE-2025-13942, which permits remote attackers to execute arbitrary OS commands; CVE-2025-13943 and CVE-2026-1459, allowing authenticated users and admins to run OS commands through various system features; and several null pointer dereferences that cause device DoS through malformed HTTP requests.
Exploitation of these vulnerabilities requires specific conditions, such as manual enabling of WAN access and vulnerable UPnP functions. Additionally, exploiting DoS vulnerabilities and post-authentication command injection necessitates compromised administrator credentials.
Zyxel’s Response and Mitigation Steps
Zyxel has responded by releasing firmware updates for most affected devices. However, some DSL/Ethernet CPE models will receive patches in March 2026. Network administrators are urged to act promptly to secure their networks.
Recommended actions include downloading and installing the latest firmware, disabling WAN access and UPnP on external interfaces unless necessary, updating device credentials to avoid post-authentication exploitation, and contacting ISPs for custom firmware updates where applicable.
Staying informed and proactive is crucial for maintaining network security. Follow us on Google News, LinkedIn, and X for ongoing cybersecurity updates and insights.
