CVE-2025-13942

CRITICAL

9.8

Descripcion

A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests.

Detalles CVE

Puntuacion CVSS v3.19.8

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado2/24/2026

Ultima modificacion2/25/2026

Fuentenvd

Avistamientos honeypot0

Productos afectados

zyxel:dx4510-b0zyxel:dx4510-b0_firmwarezyxel:dx4510-b1zyxel:dx4510-b1_firmwarezyxel:ee6510-10zyxel:ee6510-10_firmwarezyxel:emg6726-b10azyxel:emg6726-b10a_firmwarezyxel:ex2210-t0zyxel:ex2210-t0_firmwarezyxel:ex3510-b0zyxel:ex3510-b0_firmwarezyxel:ex3510-b1zyxel:ex3510-b1_firmwarezyxel:ex5510-b0zyxel:ex5510-b0_firmwarezyxel:ex5512-t0zyxel:ex5512-t0_firmwarezyxel:ex7710-b0zyxel:ex7710-b0_firmwarezyxel:lte3301-pluszyxel:lte3301-plus_firmwarezyxel:nebula_lte3301-pluszyxel:nebula_lte3301-plus_firmwarezyxel:nebula_nr7101zyxel:nebula_nr7101_firmwarezyxel:nr7101zyxel:nr7101_firmwarezyxel:px3321-t1zyxel:px3321-t1_firmwarezyxel:px5301-t0zyxel:px5301-t0_firmwarezyxel:vmg4927-b50azyxel:vmg4927-b50a_firmwarezyxel:wx5610-b0zyxel:wx5610-b0_firmware

Debilidades (CWE)

CWE-78

Referencias

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026(security@zyxel.com.tw)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.