Zyxel security patch release for CVE-2025-13942
Security Patch Release
Summary
Hide ▲
Show ▼
Zyxel released security updates for over a dozen router models, closing CVE-2025-13942 and two related command-injection flaws that could let attackers run OS commands on unpatched devices. The critical bug sits in the UPnP function of 4G LTE/5G NR CPE, DSL/Ethernet CPE, Fiber ONTs, and wireless extenders. Zyxel said remote abuse of the flaw requires UPnP and WAN access to be enabled, with WAN access disabled by default. The company also patched CVE-2025-13943 and CVE-2026-1459, two high-severity post-authentication issues that use compromised credentials.
Related Happenings
Check Point VPN CVE-2026-50751 targeted exploitation wave
Exploitation Wave
H score47
First: 08.06.2026 17:17
Last: 08.06.2026 17:17
Sources 1
About this happening:
**CVE-2026-50751** is an **active exploitation wave** against **Check Point Remote Access VPN** and **Mobile Access** deployments that use **deprecated IKEv1**. The flaw is an **a...
Check Point VPN CVE-2026-50751 targeted exploitation wave
Exploitation WaveAbout this happening: **CVE-2026-50751** is an **active exploitation wave** against **Check Point Remote Access VPN** and **Mobile Access** deployments that use **deprecated IKEv1**. The flaw is an **a...
Check Point security patch release for CVE-2026-50751
Security Patch Release
H score48
First: 08.06.2026 16:05
Last: 08.06.2026 16:05
Sources 1
About this happening:
**Check Point** released **security updates** to patch **CVE-2026-50751** in **Remote Access VPN** and **Mobile Access** deployments. The update addressed a **critical authenticat...
Check Point security patch release for CVE-2026-50751
Security Patch ReleaseAbout this happening: **Check Point** released **security updates** to patch **CVE-2026-50751** in **Remote Access VPN** and **Mobile Access** deployments. The update addressed a **critical authenticat...
Cisco security patch release for CVE-2026-20188
Security Patch Release
H score35
First: 06.05.2026 21:06
Last: 06.05.2026 21:06
Sources 1
About this happening:
**Cisco** released security updates for **CVE-2026-20188**, a high-severity **DoS vulnerability** in **Crosswork Network Controller (CNC)** and **Network Services Orchestrator (NS...
Cisco security patch release for CVE-2026-20188
Security Patch ReleaseAbout this happening: **Cisco** released security updates for **CVE-2026-20188**, a high-severity **DoS vulnerability** in **Crosswork Network Controller (CNC)** and **Network Services Orchestrator (NS...
Palo Alto Networks PAN-OS CVE-2026-0300 patch release
Security Patch Release
H score66
First: 06.05.2026 07:46
Last: 06.05.2026 07:46
Sources 1
About this happening:
Palo Alto Networks is rolling out **patches** for **CVE-2026-0300**, a **critical PAN-OS zero-day** that has already been **exploited in the wild** against **PA and VM series fire...
Palo Alto Networks PAN-OS CVE-2026-0300 patch release
Security Patch ReleaseAbout this happening: Palo Alto Networks is rolling out **patches** for **CVE-2026-0300**, a **critical PAN-OS zero-day** that has already been **exploited in the wild** against **PA and VM series fire...
Synacor Zimbra CVE-2025-48700 security patch release
Security Patch Release
H score76
First: 24.04.2026 16:35
Last: 24.04.2026 16:35
Sources 1
About this happening:
Synacor released **security patches** for **CVE-2025-48700**, fixing an **XSS flaw** in **Zimbra Classic UI** that could be triggered by a **malicious email** and expose **sensiti...
Synacor Zimbra CVE-2025-48700 security patch release
Security Patch ReleaseAbout this happening: Synacor released **security patches** for **CVE-2025-48700**, fixing an **XSS flaw** in **Zimbra Classic UI** that could be triggered by a **malicious email** and expose **sensiti...
Timeline
-
25.02.2026 14:53 2 articles · 4mo ago
Zyxel releases patches for CVE-2025-13942 and related command-injection flaws
Mitigation Patch UpdateZyxel released security updates for over a dozen router and CPE models to fix CVE-2025-13942, a critical UPnP command-injection flaw that could let unauthenticated attackers run OS commands on unpatched devices through maliciously crafted UPnP SOAP requests. The same update cycle also patched CVE-2025-13943 and CVE-2026-1459, two high-severity post-authentication command-injection vulnerabilities that can be abused with compromised credentials. Zyxel said successful remote abuse of CVE-2025-13942 requires both UPnP and WAN access to be enabled, with WAN access disabled by default on the affected devices.
Show sources
- Zyxel warns of critical RCE flaw affecting over a dozen routers — www.bleepingcomputer.com — 25.02.2026 14:53
- Zyxel warns of critical RCE flaw affecting over a dozen routers — www.bleepingcomputer.com — 25.02.2026 14:53