Zyxel Weaknesses

Several significant vulnerabilities in networking devices, such as 4G LTE/5G NR CPEs, DSL/Ethernet CPEs, Fiber ONTs, Security Routers, and Wireless Extenders, have been fixed by critical firmware updates. These vulnerabilities expose impacted routers to denial-of-service (DoS) and remote command injection attacks.

Security researchers Tiantai Zhang, Víctor Fresco, and Watchful IP identified seven different vulnerabilities, which are highlighted in the security advisory. The most serious is an unauthenticated command injection vulnerability; the others include a number of post-authentication threats and null pointer dereferences.

Risk analysis and attack mechanics

CVE-2025-13942 (CVSS 9.8) poses the greatest threat because it permits remote code execution (RCE) without user authentication. By sending a specially crafted UPnP request, a malicious actor can completely compromise the device's operating system.

Fortunately, there is a built-in mitigating factor: all impacted Zyxel devices have WAN access restricted by default. An attack can succeed only when a user has manually enabled both WAN access and the vulnerable UPnP function. Similarly, exploiting the DoS vulnerabilities and the post-authentication command injection flaws requires compromised administrator passwords.

| CVE ID | Vulnerability Type | Impact & Attack Vector |
|---|---|---|
| CVE-2025-13942 | Command Injection (UPnP) | Through carefully constructed UPnP SOAP requests, remote attackers can carry out any OS command. |
| CVE-2025-13943 | Post-Authentication Command Injection | The log file download feature allows authorized users to execute OS commands. |
| CVE-2026-1459 | Post-Authentication Command Injection | Through the TR-369 certificate download CGI, authorized administrators can carry out OS commands. |
| CVE-2025-11845 | Null Pointer Dereference | Crafted HTTP requests to the certificate downloader CGI trigger the null pointer dereference on the device. |
| CVE-2025-11846 | Null Pointer Dereference | DoS is caused by malformed HTTP requests to the account settings CGI. |
| CVE-2025-11847 | Null Pointer Dereference | DoS is caused by malformed HTTP requests to the IP settings CGI. |
| CVE-2025-11848 | Null Pointer Dereference | Crafted requests to the Wake-on-LAN CGI may crash the device (DoS). |

Numerous specific models are affected, including well-known consumer and business lines. The devices listed below are susceptible to the critical CVE-2025-13942 flaw:

| Product Category | Affected Model | Affected Version | Patch Version |
|---|---|---|---|
| 4G LTE/5G NR CPE | Nebula NR7101 | 1.16(ACCC).1)C0 and earlier | 1.16 (ACCC.1)V0 |
| DSL/Ethernet CPE | DX4510-B0 | 5.17(ABYL.10)C0 and earlier | 5.17(ABYL.10.1)C0 |
| Fiber ONTs | PX5301-T0 | 5.44(ACKB.0.5)C0 and earlier | 5.44 (ACKB.0.6)C0 |
| Wireless Extenders | WX5610-B0 | 5.18(ACGJ.0.4)C0 and earlier | 5.18 (ACGJ.0.5)C0 |

For the great majority of impacted products, Zyxel has released firmware updates.

However, official patches for certain DSL/Ethernet CPE models (like the DX5401-B1 and EMG3525-T50B) impacted by CVE-2026-1459 are expected to be released in March 2026.

Administrators must act right away to preserve the best possible network security:

| Mitigation Step | Description |
|---|---|
| Update the firmware | Use the community forum or official support portal to download and install the most recent firmware. |
| Limit WAN Access | Turn off UPnP and WAN access on external interfaces unless it is absolutely required. |
| Revise your credentials | To stop post-authentication exploitation, change weak or default passwords. |
| Speak with ISPs | For custom firmware updates for ISP-provided devices, get in touch with your provider. |
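
An added example, not code from Zyxel or the original article: a small inventory triage that compares installed firmware against the highest affected versions listed above for CVE-2025-13942 (two models shown). The ordering rule (release number, then the numbers after the project code, then the C revision) and the inventory rows are assumptions made for illustration.

```python
import re

# Highest affected firmware per model for CVE-2025-13942, from the table above.
AFFECTED_UP_TO = {
    "DX4510-B0": "5.17(ABYL.10)C0",
    "PX5301-T0": "5.44(ACKB.0.5)C0",
}

# e.g. "V5.17(ABYL.10.1)C0": release, project code, patch numbers, C revision.
_FW = re.compile(r"^V?(\d+)\.(\d+)\s*\(([A-Z]+)((?:\.\d+)+)\)\s*C(\d+)$")


def parse_fw(text):
    """Split a firmware string into (project_code, sortable_key)."""
    m = _FW.match(text.strip().upper())
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    major, minor, code, patch, crev = m.groups()
    patch_nums = tuple(int(p) for p in patch.strip(".").split("."))
    # Assumed ordering: release number, then patch numbers, then C revision.
    return code, ((int(major), int(minor)), patch_nums, int(crev))


def triage(model, installed):
    """Return 'affected', 'patched', or 'unknown' for one inventory row."""
    ceiling = AFFECTED_UP_TO.get(model)
    if ceiling is None:
        return "unknown"            # model not in this table: check the advisory
    try:
        code, key = parse_fw(installed)
    except ValueError:
        return "unknown"            # never report "patched" on unparseable data
    ceil_code, ceil_key = parse_fw(ceiling)
    if code != ceil_code:
        return "unknown"            # firmware built for a different model
    return "affected" if key <= ceil_key else "patched"


if __name__ == "__main__":
    # Constructed inventory rows (model, installed firmware) for illustration.
    inventory = [
        ("DX4510-B0", "V5.17(ABYL.10)C0"),
        ("DX4510-B0", "5.17(ABYL.10.1)C0"),
        ("DX4510-B0", "5.17(ABYL.9)C0"),
        ("PX5301-T0", "5.44 (ACKB.0.6)C0"),
    ]
    for model, fw in inventory:
        print(f"{model:10} {fw:20} {triage(model, fw)}")
```

Comparing the patch numbers as integers matters: a plain string comparison would rank `ABYL.9` above `ABYL.10` and report an affected device as patched.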