Vulnerability Description
A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Wx5610-B0 Firmware | < 5.18\(acgj.0.5\)c0 |
| Zyxel | Wx5610-B0 | - |
| Zyxel | Lte3301-Plus Firmware | < 1.00\(abqu.9\)c0 |
| Zyxel | Lte3301-Plus | - |
| Zyxel | Nebula Lte3301-Plus Firmware | < 1.18\(acca.6\)v0 |
| Zyxel | Nebula Lte3301-Plus | - |
| Zyxel | Nr7101 Firmware | < 1.00\(abuv.12\)b2 |
| Zyxel | Nr7101 | - |
| Zyxel | Nebula Nr7101 Firmware | < 1.16\(accc.1\)v0 |
| Zyxel | Nebula Nr7101 | - |
| Zyxel | Dx4510-B0 Firmware | < 5.17\(abyl.10.1\)c0 |
| Zyxel | Dx4510-B0 | - |
| Zyxel | Dx4510-B1 Firmware | < 5.17\(abyl.10.1\)c0 |
| Zyxel | Dx4510-B1 | - |
| Zyxel | Ee6510-10 Firmware | < 5.19\(acjq.4.1\)c0 |
| Zyxel | Ee6510-10 | - |
| Zyxel | Emg6726-B10A Firmware | < 5.13\(abnp.8.2\)c1 |
| Zyxel | Emg6726-B10A | - |
| Zyxel | Ex2210-T0 Firmware | < 5.50\(acdi.2.4\)c0 |
| Zyxel | Ex2210-T0 | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-13942?
CVE-2025-13942 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an ...
How severe is CVE-2025-13942?
CVE-2025-13942 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-13942?
Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Wx5610-B0 Firmware, Zyxel Wx5610-B0, Zyxel Lte3301-Plus Firmware, Zyxel Lte3301-Plus, Zyxel Nebula Lte3301-Plus Firmware.