{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13942", "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "state": "PUBLISHED", "assignerShortName": "Zyxel", "dateReserved": "2025-12-03T05:28:13.264Z", "datePublished": "2026-02-24T02:32:18.934Z", "dateUpdated": "2026-02-26T14:44:10.318Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "EX3510-B0 firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "<= 5.17(ABUP.15.1)C0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests."}], "value": "A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel", "dateUpdated": "2026-02-24T02:32:18.934Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13942", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-25T04:55:38.008415Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:44:10.318Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13942", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-25T04:55:38.008415Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T16:04:51.639Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Zyxel", "product": "EX3510-B0 firmware", "versions": [{"status": "affected", "version": "<= 5.17(ABUP.15.1)C0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests.", "supportingMedia": [{"type": "text/html", "value": "A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel", "dateUpdated": "2026-02-24T02:32:18.934Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13942", "state": "PUBLISHED", "dateUpdated": "2026-02-26T14:44:10.318Z", "dateReserved": "2025-12-03T05:28:13.264Z", "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "datePublished": "2026-02-24T02:32:18.934Z", "assignerShortName": "Zyxel"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:wx5610-b0_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B96C5D67-D4B3-460C-8EED-A847F0AF99DB", "versionEndExcluding": "5.18\\(acgj.0.5\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:wx5610-b0:-:*:*:*:*:*:*:*", "matchCriteriaId": "88909887-E078-4EC5-BA49-2EFCABF1EB1B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:lte3301-plus_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F3EFC9C-25BF-4DE2-82BB-E169C696AB04", "versionEndExcluding": "1.00\\(abqu.9\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:lte3301-plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "4814D3A1-C0D4-4573-AD77-C2EE7AC11CB4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nebula_lte3301-plus_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "54C6D399-871E-4C6D-BCE4-DFCF7D2C6318", "versionEndExcluding": "1.18\\(acca.6\\)v0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nebula_lte3301-plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "42297A6A-3E50-4E9E-ABF6-58C77F222DC1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nr7101_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "97F44895-CA69-43F3-AE10-32EE7FAE611E", "versionEndExcluding": "1.00\\(abuv.12\\)b2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nr7101:-:*:*:*:*:*:*:*", "matchCriteriaId": "E4D27B24-9822-432C-8B8B-9546EE32DEC6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:nebula_nr7101_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D37106AA-6CFB-4B4F-8D88-94DF2D76E869", "versionEndExcluding": "1.16\\(accc.1\\)v0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:nebula_nr7101:-:*:*:*:*:*:*:*", "matchCriteriaId": "52096C1F-F73C-413E-9D37-82EFA4703AEC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:dx4510-b0_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC432F5C-8013-4E96-969C-BCFCA11D3883", "versionEndExcluding": "5.17\\(abyl.10.1\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:dx4510-b0:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0338E1C-2509-4510-8C8D-4BD5AEA47D81", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:dx4510-b1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEA4C738-597E-4BB1-AB7C-8A0343FADFE8", "versionEndExcluding": "5.17\\(abyl.10.1\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:dx4510-b1:-:*:*:*:*:*:*:*", "matchCriteriaId": "C8668990-045A-4DDD-9089-DE0025B69765", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:ee6510-10_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A28F95D9-1258-4A48-90BD-C940AD483932", "versionEndExcluding": "5.19\\(acjq.4.1\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:ee6510-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD4AE46D-E374-4224-9A66-4291B6A10C00", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:emg6726-b10a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7B10052-0ABA-4488-94E6-046C8445977A", "versionEndExcluding": "5.13\\(abnp.8.2\\)c1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:emg6726-b10a:-:*:*:*:*:*:*:*", "matchCriteriaId": "304D3B33-F7EC-4EB3-B6EF-6BEB2112F9C0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:ex2210-t0_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CEFD711-D838-42EB-B555-FA9AA012BF50", "versionEndExcluding": "5.50\\(acdi.2.4\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:ex2210-t0:-:*:*:*:*:*:*:*", "matchCriteriaId": "A71E4E6F-357E-4DAA-B7D7-7CF44000F0CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:ex3510-b0_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4338AEC-15AE-44F5-B9CF-743E9CF57014", "versionEndExcluding": "5.17\\(abup.15.2\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:ex3510-b0:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0455EC5-B783-4CDB-9DC0-D8EF377A5F2C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:ex3510-b1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "67391540-C81F-4404-8F2F-038DCD719E15", "versionEndExcluding": "5.17\\(abup.15.2\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:ex3510-b1:-:*:*:*:*:*:*:*", "matchCriteriaId": "3F955BD9-4D44-46BE-8605-51C6250A74D9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:ex5510-b0_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB37D43B-9E31-4C30-9C8D-C851DB9ED61E", "versionEndExcluding": "5.17\\(abqx.11.1\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:ex5510-b0:-:*:*:*:*:*:*:*", "matchCriteriaId": "E82D41CC-2EB3-4892-8383-FB2C9EC64D9E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:ex5512-t0_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CDAF378-B521-4C2C-A2BE-4B6F5E80E00C", "versionEndExcluding": "5.70\\(aceg.5.4\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:ex5512-t0:-:*:*:*:*:*:*:*", "matchCriteriaId": "F32FA3FB-CE89-4CC1-9D8D-765B90A122DF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:ex7710-b0_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0453035D-D806-426F-BA39-A640AF4061BC", "versionEndExcluding": "5.18\\(acak.1.6\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:ex7710-b0:-:*:*:*:*:*:*:*", "matchCriteriaId": "07727D9C-723B-4761-B6B6-07FE1784D3C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:vmg4927-b50a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5FABB6F2-114B-4732-A4C7-467E99B1ADF5", "versionEndExcluding": "5.13\\(ably.10.2\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vmg4927-b50a:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0EE70D2-51BB-4E45-8995-655C1394C440", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:px3321-t1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "68683D4E-65E9-4BD0-B9FD-9593170BF6C3", "versionEndExcluding": "5.44\\(acjb.1.5\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:px3321-t1:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BB525DE-2E08-4848-976E-7DF6C7E19578", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:px3321-t1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F751BEB-1A49-4124-B45B-3730AA448CDE", "versionEndExcluding": "5.44\\(achk.3\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:px3321-t1:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BB525DE-2E08-4848-976E-7DF6C7E19578", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:px5301-t0_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "01B59D2A-6414-4672-A695-744A829416B5", "versionEndExcluding": "5.44\\(ackb.0.6\\)c0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:px5301-t0:-:*:*:*:*:*:*:*", "matchCriteriaId": "7EBB4C27-DAEB-4297-98DC-3B22353B5184", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n UPnP del firmware Zyxel EX3510-B0 versiones hasta la 5.17(ABUP.15.1)C0 podr\u00eda permitir a un atacante en remoto ejecutar comandos del sistema operativo (SO) en un dispositivo afectado mediante el env\u00edo de solicitudes SOAP UPnP especialmente dise\u00f1adas."}], "id": "CVE-2025-13942", "lastModified": "2026-02-25T18:13:10.563", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@zyxel.com.tw", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-24T03:16:00.223", "references": [{"source": "security@zyxel.com.tw", "tags": ["Vendor Advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026"}], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "security@zyxel.com.tw", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,5.17(ABUP.15.1)C0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "EX3510-B0 firmware", "source": "cna", "vendor": "Zyxel"}, "product": "ex3510-b0_firmware", "vendor": "zyxel"}], "created": "2026-02-24T09:53:14.975631+00:00", "updated": "2026-02-24T09:53:14.975710+00:00", "vendors": ["zyxel", "zyxel$PRODUCT$ex3510-b0_firmware"]}