Cyber Resilience

CVE-2025-13942

Critical · RCE

Published: 24 February 2026

Modified: 25 February 2026
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0106 (60.2th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2025-13942 is a critical-severity OS Command Injection (CWE-78) vulnerability in Zyxel Px3321-T1 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 39.8% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-13942 is a command injection vulnerability (CWE-78) in the UPnP function of Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0. Published on 2026-02-24, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting critical severity due to its potential for high-impact confidentiality, integrity, and availability effects.

A remote, unauthenticated attacker can exploit the vulnerability by sending specially crafted UPnP SOAP requests to an affected device, enabling arbitrary operating system command execution. The attack requires no privileges and no user interaction and has low attack complexity, making it highly accessible over the network.

Zyxel has issued a security advisory addressing this command injection vulnerability alongside null pointer dereference issues in certain 4G LTE, 5G NR CPE, DSL Ethernet CPE, fiber ONTs, security routers, and wireless extenders, available at https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

The CVE enables remote unauthenticated exploitation of a public-facing UPnP service (T1190), leading to arbitrary OS command execution on a likely Unix/Linux-based network device (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-13943 · Same product: Zyxel Dx4510-B0
CVE-2024-40890 · Same vendor: Zyxel
CVE-2026-1459 · Same vendor: Zyxel
CVE-2026-7256 · Same vendor: Zyxel
CVE-2024-40891 · Same vendor: Zyxel
CVE-2025-8693 · Same product: Zyxel Dx4510-B1
CVE-2025-7673 · Same product: Zyxel Emg6726-B10A
CVE-2018-25115 · Shared CWE-78
CVE-2025-24382 · Shared CWE-78
CVE-2026-29058 · Shared CWE-78

Affected Assets

Vendor · Product · Affected versions
zyxel · wx5610-b0 firmware · ≤ 5.18(acgj.0.5)c0
zyxel · lte3301-plus firmware · ≤ 1.00(abqu.9)c0
zyxel · nebula lte3301-plus firmware · ≤ 1.18(acca.6)v0
zyxel · nr7101 firmware · ≤ 1.00(abuv.12)b2
zyxel · nebula nr7101 firmware · ≤ 1.16(accc.1)v0
zyxel · dx4510-b0 firmware · ≤ 5.17(abyl.10.1)c0
zyxel · dx4510-b1 firmware · ≤ 5.17(abyl.10.1)c0
zyxel · ee6510-10 firmware · ≤ 5.19(acjq.4.1)c0
zyxel · emg6726-b10a firmware · ≤ 5.13(abnp.8.2)c1
zyxel · ex2210-t0 firmware · ≤ 5.50(acdi.2.4)c0
+8 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly mitigates the command injection vulnerability by identifying, testing, and applying firmware patches as issued in the Zyxel security advisory.

Prevent: Implements input validation mechanisms on UPnP SOAP requests to block specially crafted payloads that enable command injection.

Prevent: Restricts or disables the nonessential UPnP function on the device to eliminate the attack surface for remote command injection.

References