CVE-2025-13942

Published Feb 24, 2026

Last updated 15 hours ago

CVSS critical 9.8

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-13942 is currently a reserved CVE identifier. This means that a CVE Numbering Authority (CNA) has allocated this ID for a potential vulnerability, but the specific details, such as the affected product, vulnerability type, and impact, have not yet been publicly disclosed or published in a CVE record. As such, there are no popular articles or detailed descriptions available for this particular CVE at this time.

Description
A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests.
Source
security@zyxel.com.tw
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security@zyxel.com.tw
CWE-78

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

5

  1. Zyxel has published 2 CVEs for some vulns I found :D CVE-2025-13943: Authenticated command injection in log export CGI CVE-2025-13942: Unauthenticated command injection in UPnP daemon I will blog about this in the coming months. Meanwhile, exploits here: https://t.co/CbVHekdN5q

    @hacefresko

    24 Feb 2026

    1922 Impressions

    13 Retweets

    37 Likes

    9 Bookmarks

    1 Reply

    0 Quotes

  2. CVE-2025-13942 A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute ope… https://t.co/zhenTwFhzu

    @CVEnew

    24 Feb 2026

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. [CVE-2025-13942: CRITICAL] Critical vulnerability in Zyxel EX3510-B0 firmware allows remote attackers to execute OS commands via UPnP function. Update to version 5.17(ABUP.15.1)C0 to patch the issue.#cve,CVE-2025-13942,#cybersecurity https://t.co/ErrC3xhwrW

    @CveFindCom

    24 Feb 2026

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. **CVE-2025-13942** is a command injection vulnerability affecting the UPnP (Universal Plug and Play) function in Zyxel EX3510-B0 firmware versions up to 5.17(ABUP.15.1)C0. This flaw allows a remote attacker to execute arbitrary operating system commands on the affected device by

    @CveTodo

    24 Feb 2026

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

References

Sources include official advisories and independent security research.