- Zyxel fixed seven flaws on several devices, including critical CVE-2025-13942 (9.8/10)
- Command injection via UPnP could enable remote OS command execution if WAN access and UPnP are enabled
- Around 120,000 Zyxel devices are exposed to the Internet
Zyxel confirmed that it recently patched half a dozen vulnerabilities, including a critical severity issue that allowed malicious actors to execute arbitrary commands remotely.
In a security advisory, Zyxel detailed the fix for a command injection vulnerability in the UPnP feature of certain 4G LTE/5G NR CPE, DSL/Ethernet CPE, Fiber ONT, and Wireless Extenders firmware versions. This vulnerability is tracked as CVE-2025-13942 and received a severity score of 9.8/10 (critical).
By sending specially crafted UPnP SOAP requests, unauthenticated attackers can execute operating system commands on a vulnerable endpoint, Zyxel said, but stressed that certain conditions must first be met.
Fixing the flaws
“It is important to note that WAN access is disabled by default on these devices and the attack can only be carried out remotely if WAN access and the vulnerable UPnP feature have been enabled,” the company explained.
Multiple products are affected, each with its own fixed firmware version. To find out which version your device should be updated to, consult the full list in Zyxel's advisory. In total, Zyxel fixed seven vulnerabilities, including two post-authentication command injection vulnerabilities and four null pointer dereference vulnerabilities.
So far, there is no evidence that any of these flaws are being abused. Zyxel did not say whether it had observed any attacks, and the US CISA has not yet added any of them to its Known Exploited Vulnerabilities (KEV) catalog.
According to the non-profit security organization Shadowserver Foundation, there are currently around 120,000 Zyxel devices exposed to the Internet, including 76,000 routers, so the attack surface is rather large. However, we do not know how many of them are vulnerable.
Hackers love to attack Zyxel products because their widely deployed routers, firewalls, and VPN devices often expose Internet-accessible management interfaces and have historically suffered from critical, easily exploitable vulnerabilities.




