CVE-2025-13942
high-risk
Published 2026-02-24
A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests.
Do I need to act?
0.17% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 9.8/10 · Critical · NETWORK / LOW complexity
Affected Products (18)
Wx5610-B0 Firmware
Lte3301-Plus Firmware
Nebula Lte3301-Plus Firmware
Nr7101 Firmware
Nebula Nr7101 Firmware
Dx4510-B0 Firmware
Dx4510-B1 Firmware
Ee6510-10 Firmware
Emg6726-B10A Firmware
Ex2210-T0 Firmware
Ex3510-B1 Firmware
Ex7710-B0 Firmware
Vmg4927-B50A Firmware
Px3321-T1 Firmware
Px5301-T0 Firmware
Affected Vendors
References (1)
52 / 100 · high-risk
Severity
32/34 · Critical
Exploitability
1/34 · Minimal
Exposure
19/34 · Moderate