- Zyxel fixed seven bugs across multiple devices, including critical CVE-2025-13942 (9.8/10)
- Command injection via UPnP could allow remote execution of OS commands if WAN access and UPnP are enabled
- About 120,000 Zyxel devices are Internet exposed
Zyxel has confirmed that it has recently patched half a dozen vulnerabilities, including a critical severity issue that allowed threat actors to execute arbitrary commands remotely.
In a security advisory, Zyxel detailed patching a command injection vulnerability in the UPnP feature of certain firmware versions of its 4G LTE/5G NR CPE, DSL/Ethernet CPE, Fiber ONT and Wireless Extender devices. This vulnerability is tracked as CVE-2025-13942 and received a severity score of 9.8/10 (Critical).
By sending specially crafted UPnP SOAP requests, unauthorized attackers can execute OS commands on a vulnerable endpoint, Zyxel said, but stressed that certain conditions must first be met.
Fixing the flaws
“It is important to note that WAN access is disabled by default on these devices and the attack can only be executed remotely if both WAN access and the vulnerable UPnP feature have been enabled,” it explained.
Multiple products are affected, each with its own fixed firmware version. To find out which version your device needs to update to, check the full list in Zyxel's security advisory. In total, Zyxel fixed seven bugs, including two post-authentication command injection vulnerabilities and four null pointer dereference vulnerabilities.
So far, there is no evidence that any of these bugs are being abused in the wild. Zyxel did not mention whether it observed any attacks, and the US CISA has not yet added any of these to its Known Exploited Vulnerabilities (KEV) catalog.
According to the nonprofit security organization Shadowserver Foundation, there are currently approximately 120,000 Internet-exposed Zyxel devices, including 76,000 routers, so the attack surface is quite large. However, we do not know how many of these are vulnerable.
Hackers love to attack Zyxel products because their widely used routers, firewalls and VPN devices often expose Internet-facing management interfaces and have historically suffered from critical vulnerabilities that are easy to exploit.



