Critical RCE flaw in Zyxel routers allows remote command execution
Summary
Hide ▲
Show ▼
Zyxel has released security updates to address a critical command injection vulnerability (CVE-2025-13942) affecting over a dozen router models. The flaw allows unauthenticated attackers to execute OS commands via maliciously crafted UPnP SOAP requests. Successful exploitation requires both UPnP and WAN access to be enabled, with WAN access disabled by default. Zyxel also patched two high-severity post-authentication command-injection vulnerabilities (CVE-2025-13943 and CVE-2026-1459). Zyxel devices are frequently targeted in attacks due to their widespread use by internet service providers. The U.S. CISA is tracking 12 actively exploited Zyxel vulnerabilities. Additionally, Zyxel has no plans to patch two zero-day vulnerabilities (CVE-2024-40891 and CVE-2024-40891) affecting end-of-life routers, advising users to replace them with newer models.
Timeline
-
25.02.2026 14:53 1 articles · 2h ago
Zyxel releases updates for critical RCE flaw in routers
Zyxel has released security updates to address a critical command injection vulnerability (CVE-2025-13942) affecting over a dozen router models. The flaw allows unauthenticated attackers to execute OS commands via maliciously crafted UPnP SOAP requests. Successful exploitation requires both UPnP and WAN access to be enabled, with WAN access disabled by default. Zyxel also patched two high-severity post-authentication command-injection vulnerabilities (CVE-2025-13943 and CVE-2026-1459).
Show sources
- Zyxel warns of critical RCE flaw affecting over a dozen routers — www.bleepingcomputer.com — 25.02.2026 14:53
Information Snippets
-
CVE-2025-13942 is a critical command injection flaw in the UPnP function of Zyxel 4G LTE/5G NR CPE, DSL/Ethernet CPE, Fiber ONTs, and wireless extenders.
First reported: 25.02.2026 14:531 source, 1 articleShow sources
- Zyxel warns of critical RCE flaw affecting over a dozen routers — www.bleepingcomputer.com — 25.02.2026 14:53
-
Unauthenticated remote attackers can execute OS commands using maliciously crafted UPnP SOAP requests.
First reported: 25.02.2026 14:531 source, 1 articleShow sources
- Zyxel warns of critical RCE flaw affecting over a dozen routers — www.bleepingcomputer.com — 25.02.2026 14:53
-
Successful exploitation requires both UPnP and WAN access to be enabled, with WAN access disabled by default.
First reported: 25.02.2026 14:531 source, 1 articleShow sources
- Zyxel warns of critical RCE flaw affecting over a dozen routers — www.bleepingcomputer.com — 25.02.2026 14:53
-
Zyxel patched two high-severity post-authentication command-injection vulnerabilities (CVE-2025-13943 and CVE-2026-1459).
First reported: 25.02.2026 14:531 source, 1 articleShow sources
- Zyxel warns of critical RCE flaw affecting over a dozen routers — www.bleepingcomputer.com — 25.02.2026 14:53
-
Shadowserver tracks nearly 120,000 Internet-exposed Zyxel devices, including over 76,000 routers.
First reported: 25.02.2026 14:531 source, 1 articleShow sources
- Zyxel warns of critical RCE flaw affecting over a dozen routers — www.bleepingcomputer.com — 25.02.2026 14:53
-
The U.S. CISA is tracking 12 actively exploited Zyxel vulnerabilities affecting routers, firewalls, and NAS devices.
First reported: 25.02.2026 14:531 source, 1 articleShow sources
- Zyxel warns of critical RCE flaw affecting over a dozen routers — www.bleepingcomputer.com — 25.02.2026 14:53
-
Zyxel will not patch two zero-day vulnerabilities (CVE-2024-40891 and CVE-2024-40891) affecting end-of-life routers, advising users to replace them.
First reported: 25.02.2026 14:531 source, 1 articleShow sources
- Zyxel warns of critical RCE flaw affecting over a dozen routers — www.bleepingcomputer.com — 25.02.2026 14:53
-
More than 1 million businesses use Zyxel networking products across 150 markets.
First reported: 25.02.2026 14:531 source, 1 articleShow sources
- Zyxel warns of critical RCE flaw affecting over a dozen routers — www.bleepingcomputer.com — 25.02.2026 14:53