CVE-2025-13942: A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests.

Affected

20 ranges

Vendor	Product	Version range	Fixed in
zyxel	dx4510-b0_firmware	< 5.17\(abyl.10.1\)c0	5.17\(abyl.10.1\)c0
zyxel	dx4510-b1_firmware	< 5.17\(abyl.10.1\)c0	5.17\(abyl.10.1\)c0
zyxel	ee6510-10_firmware	< 5.19\(acjq.4.1\)c0	5.19\(acjq.4.1\)c0
zyxel	emg6726-b10a_firmware	< 5.13\(abnp.8.2\)c1	5.13\(abnp.8.2\)c1
zyxel	ex2210-t0_firmware	< 5.50\(acdi.2.4\)c0	5.50\(acdi.2.4\)c0
zyxel	ex3510-b0_firmware	< 5.17\(abup.15.2\)c0	5.17\(abup.15.2\)c0
zyxel	ex3510-b0_firmware	<= 5.17(ABUP.15.1)C0	—
zyxel	ex3510-b1_firmware	< 5.17\(abup.15.2\)c0	5.17\(abup.15.2\)c0
zyxel	ex5510-b0_firmware	< 5.17\(abqx.11.1\)c0	5.17\(abqx.11.1\)c0
zyxel	ex5512-t0_firmware	< 5.70\(aceg.5.4\)c0	5.70\(aceg.5.4\)c0
zyxel	ex7710-b0_firmware	< 5.18\(acak.1.6\)c0	5.18\(acak.1.6\)c0
zyxel	lte3301-plus_firmware	< 1.00\(abqu.9\)c0	1.00\(abqu.9\)c0
zyxel	nebula_lte3301-plus_firmware	< 1.18\(acca.6\)v0	1.18\(acca.6\)v0
zyxel	nebula_nr7101_firmware	< 1.16\(accc.1\)v0	1.16\(accc.1\)v0
zyxel	nr7101_firmware	< 1.00\(abuv.12\)b2	1.00\(abuv.12\)b2
zyxel	px3321-t1_firmware	< 5.44\(acjb.1.5\)c0	5.44\(acjb.1.5\)c0
zyxel	px3321-t1_firmware	< 5.44\(achk.3\)c0	5.44\(achk.3\)c0
zyxel	px5301-t0_firmware	< 5.44\(ackb.0.6\)c0	5.44\(ackb.0.6\)c0
zyxel	vmg4927-b50a_firmware	< 5.13\(ably.10.2\)c0	5.13\(ably.10.2\)c0
zyxel	wx5610-b0_firmware	< 5.18\(acgj.0.5\)c0	5.18\(acgj.0.5\)c0