Zyxel Patches Critical Vulnerability in Many Device Models
Briefly

"An attacker could exploit the flaw via crafted UPnP SOAP requests to execute OS commands on a vulnerable device. It is important to note that WAN access is disabled by default on these devices, and the attack can be carried out remotely only if both WAN access and the vulnerable UPnP function have been enabled."
"The networking provider's fresh round of security updates also resolves CVE-2025-13943 and CVE-2026-1459, two high-severity command injection defects. Impacting the log file download function and the TR-369 certificate download CGI program of specific router firmware versions, the two vulnerabilities could allow an authenticated attacker to execute OS commands."
"Additionally, Zyxel released fixes for four null pointer dereference vulnerabilities that could be exploited by attackers with administrator privileges to cause denial-of-service (DoS) conditions. Affecting various endpoints of the vulnerable products, these flaws can be exploited via crafted HTTP requests if WAN access is enabled and the attacker possesses compromised user credentials."
Zyxel released security patches addressing multiple vulnerabilities across dozens of device models. The most critical issue, CVE-2025-13942 with a CVSS score of 9.8, is a command injection flaw in the UPnP feature affecting 18 routers, ONTs, and wireless extenders. An attacker could exploit it via crafted UPnP SOAP requests to execute OS commands, but a remote attack is possible only if both WAN access (disabled by default) and the vulnerable UPnP function are enabled. Two high-severity command injection vulnerabilities, CVE-2025-13943 and CVE-2026-1459, affect the log file download function and the TR-369 certificate download CGI program and could allow an authenticated attacker to execute OS commands. Four null pointer dereference vulnerabilities could let attackers with administrator privileges cause denial-of-service conditions via crafted HTTP requests. Firmware updates are available for all impacted devices, with no current evidence of active exploitation.
Read at SecurityWeek