Zyxel Routers Patched Against Critical Remote Command Injection Flaws


Zyxel released urgent firmware updates for 4G LTE/5G NR CPEs, DSL routers, Fiber ONTs, security routers, and wireless extenders. Seven vulnerabilities include unauthenticated command injection and DoS crashes. CVE-2025-13942 tops the list at CVSS 9.8. Attackers could fully compromise devices through crafted UPnP requests.

WAN access stays disabled by default on all models. This blocks remote exploits unless users manually enable it. Post-auth flaws need admin login first. Still, enterprises and homes run exposed firmware. Update immediately to close gaps.

Researchers Tiantai Zhang, Víctor Fresco, and Watchful IP found the issues. Zyxel pushed patches fast for most devices. DSL models like DX5401-B1 await March fixes for CVE-2026-1459.

Vulnerability Breakdown

Flaws span command injection and crashes. Unauthenticated hits hardest.

| CVE ID | Type | Impact | Requirements |
|---|---|---|---|
| CVE-2025-13942 | UPnP Command Injection | Full RCE (CVSS 9.8) | WAN+UPnP enabled |
| CVE-2025-13943 | Post-auth Cmd Injection | OS command exec | Admin login |
| CVE-2026-1459 | Post-auth Cmd Injection | OS command exec | Admin + TR-369 CGI |
| CVE-2025-11845 | Null Pointer DoS | Device crash | HTTP to cert CGI |
| CVE-2025-11846 | Null Pointer DoS | Device crash | Account settings CGI |
| CVE-2025-11847 | Null Pointer DoS | Device crash | IP settings CGI |
| CVE-2025-11848 | Null Pointer DoS | Device crash | Wake-on-LAN CGI |

Affected Devices

Critical RCE hits these models:

| Category | Model | Vulnerable FW | Patch FW |
|---|---|---|---|
| 4G LTE/5G CPE | Nebula NR7101 | 1.16(ACCC.1)C0 | 1.16(ACCC.1)V0 |
| DSL/Ethernet CPE | DX4510-B0 | 5.17(ABYL.10)C0 | 5.17(ABYL.10.1)C0 |
| Fiber ONT | PX5301-T0 | 5.44(ACKB.0.5)C0 | 5.44(ACKB.0.6)C0 |
| Wireless Extender | WX5610-B0 | 5.18(ACGJ.0.4)C0 | 5.18(ACGJ.0.5)C0 |
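
For fleets with more than a handful of devices, the table above can be turned into an inventory check. The script below is an added example, not code from Zyxel or from the original article: it parses firmware strings in the shape the table shows and flags devices that are below the listed patch build. The version-string grammar, the optional leading "V", the conservative comparison rule, and the hostnames and inventory entries are assumptions made for illustration.

```python
import re

# Patched builds copied from the "Affected Devices" table on this page.
PATCHED = {
    "NR7101": "1.16(ACCC.1)V0",
    "DX4510-B0": "5.17(ABYL.10.1)C0",
    "PX5301-T0": "5.44(ACKB.0.6)C0",
    "WX5610-B0": "5.18(ACGJ.0.5)C0",
}

# Assumed shape, inferred from the table: major.minor(CODE.rev[.rev...])suffix,
# with an optional leading "V" as some status pages display it (assumption).
FW_RE = re.compile(r"^V?(\d+)\.(\d+)\(([A-Z]+)\.(\d+(?:\.\d+)*)\)([A-Z]\d+)$")

def parse_fw(text):
    """Return (family_code, numeric_key, suffix), or None if the shape is unknown."""
    m = FW_RE.match(text.strip())
    if not m:
        return None
    major, minor, code, revs, suffix = m.groups()
    revision = tuple(int(part) for part in revs.split("."))
    return code, ((int(major), int(minor)), revision), suffix

def status(model, installed):
    """Classify one device as 'patched', 'update' or 'unknown'."""
    fixed, have = PATCHED.get(model), parse_fw(installed)
    if fixed is None or have is None:
        return "unknown"  # model not in the table, or unparseable string
    want = parse_fw(fixed)
    if have[0] != want[0]:
        return "unknown"  # different firmware family, not comparable
    if have[1] > want[1] or have[1:] == want[1:]:
        return "patched"  # newer numeric build, or exactly the patched build
    return "update"  # older, or same numbers with another suffix (conservative)

# Constructed sample inventory: (hostname, model, firmware string as reported).
INVENTORY = [
    ("cpe-01", "NR7101", "1.16(ACCC.1)C0"),
    ("dsl-02", "DX4510-B0", "V5.17(ABYL.10.1)C0"),
    ("ont-03", "PX5301-T0", "5.44(ACKB.0.5)C0"),
    ("dsl-05", "DX5401-B1", "not-listed"),
]

def audit(inventory):
    return {host: status(model, fw) for host, model, fw in inventory}

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host}: {result}")
```

Devices reported as "unknown" (models outside the table, or strings that do not parse) should be checked by hand against the vendor advisory rather than assumed safe.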

Attack Scenarios

Remote RCE needs WAN and UPnP both active. Crafted SOAP requests execute OS commands. Post-auth flaws run through log downloads and TR-369 cert CGI.

DoS hits crash devices via malformed HTTP. Five null pointer flaws trigger separately. Admin creds unlock worst cases.

ISP gear needs provider patches. Consumer routers expose homes to botnets.

Patch Process

Update your Zyxel device:

  • Download firmware from Zyxel support portal
  • Login to web interface as admin
  • Upload firmware via upgrade page
  • Reboot after verification
  • Disable WAN access and UPnP when possible

Change default passwords now. Test connectivity post-patch.

FAQ

What is the worst Zyxel vulnerability?

CVE-2025-13942 unauthenticated UPnP RCE (CVSS 9.8).

Can attackers hack Zyxel routers remotely?

Yes, if WAN access and UPnP are enabled manually.

Which Zyxel models need updates?

NR7101, DX4510-B0, PX5301-T0, WX5610-B0 and more.

Are ISP Zyxel routers affected?

Yes. Contact provider for firmware.

Where to get Zyxel patches?

Official support portal security advisories.
