Vulnerability Description
A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute operating system (OS) commands on an affected device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | Ee5301-00 Firmware | < 5.63\(acld.2.1\)c0 |
| Zyxel | Ee5301-00 | - |
| Zyxel | Ee3301-00 Firmware | < 5.63\(acmu.2.1\)c0 |
| Zyxel | Ee3301-00 | - |
| Zyxel | Dx5401-B1 Firmware | < 5.17\(abyo.7.1\)c0 |
| Zyxel | Dx5401-B1 | - |
| Zyxel | Dx4510-B1 Firmware | < 5.17\(abyl.10.1\)c0 |
| Zyxel | Dx4510-B1 | - |
| Zyxel | Dx4510-B0 Firmware | < 5.17\(abyl.10.1\)c0 |
| Zyxel | Dx4510-B0 | - |
| Zyxel | Dx3301-T0 Firmware | < 5.50\(abvy.7.1\)c0 |
| Zyxel | Dx3301-T0 | - |
| Zyxel | Dx3300-T1 Firmware | < 5.50\(abvy.7.1\)c0 |
| Zyxel | Dx3300-T1 | - |
| Zyxel | Dx3300-T0 Firmware | < 5.50\(abvy.7.1\)c0 |
| Zyxel | Dx3300-T0 | - |
| Zyxel | Ee6510-10 Firmware | < 5.19\(acjq.4.1\)c0 |
| Zyxel | Ee6510-10 | - |
| Zyxel | Emg3525-T50B Firmware | < 5.50\(abpm.9.7\)c0 |
| Zyxel | Emg3525-T50B | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-13943?
CVE-2025-13943 is a vulnerability with a CVSS score of 8.8 (HIGH). A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute...
How severe is CVE-2025-13943?
CVE-2025-13943 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-13943?
Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Ee5301-00 Firmware, Zyxel Ee5301-00, Zyxel Ee3301-00 Firmware, Zyxel Ee3301-00, Zyxel Dx5401-B1 Firmware.