This week, Zyxel, a prominent networking provider, released crucial patches to address several vulnerabilities found in numerous device models. Among these, a major flaw poses a risk of remote code execution.
Understanding the Critical Vulnerability
The vulnerability, tagged as CVE-2025-13942 with a CVSS score of 9.8, is a command injection issue. This flaw affects the UPnP feature of 18 models, including routers, ONTs, and wireless extenders. According to Zyxel’s advisory, attackers could exploit this flaw through crafted UPnP SOAP requests, allowing them to execute operating system commands on susceptible devices.
Remote Exploitation Conditions
Zyxel emphasizes that the default settings of these devices have WAN access disabled. Therefore, remote exploitation is possible only if both the WAN access and the vulnerable UPnP function are enabled. This highlights the importance of reviewing device settings to mitigate potential risks.
Additional Vulnerabilities and Fixes
Alongside the critical flaw, Zyxel’s updates also address CVE-2025-13943 and CVE-2026-1459, both high-severity command injection vulnerabilities. These affect the log file download function and the TR-369 certificate download CGI program in certain firmware versions. Exploitation could lead to arbitrary OS command execution by authenticated attackers.
Moreover, Zyxel has patched four null pointer dereference vulnerabilities, which could facilitate denial-of-service (DoS) attacks when exploited by users with administrator rights. This could occur through crafted HTTP requests if WAN access and user credentials are compromised.
Response and Recommendations
Zyxel has provided a detailed list of affected devices and confirmed that firmware updates are available. Although no active exploitation of these vulnerabilities has been reported, previous targeting of Zyxel flaws by threat actors underscores the importance of applying these updates promptly.
Related security updates by other companies, such as Cisco and Nvidia, highlight the ongoing challenges in maintaining cybersecurity across network devices.
