Critical Vulnerability in Zyxel Routers Could Allow Remote Device Takeover


118/69 Friday, February 27, 2026

Zyxel, a leading network equipment manufacturer, has issued a security advisory regarding a critical vulnerability identified as CVE-2025-13942, which carries a CVSS score of 9.8 out of 10. The flaw allows unauthenticated attackers to execute arbitrary commands remotely, potentially gaining full control of affected devices. The vulnerability impacts more than 10 widely used models, including 4G LTE/5G NR routers, Fiber ONT (fiber internet) devices, and Wi-Fi extenders.

The issue stems from improper input validation within the UPnP (Universal Plug and Play) function. Specifically, attackers can send specially crafted SOAP requests to execute commands at the operating system level of the device. However, security experts note that successful exploitation requires both WAN (external) access and UPnP to be enabled simultaneously. By default, Zyxel devices have WAN access disabled to reduce exposure.

In addition to this critical flaw, Zyxel has also addressed several other vulnerabilities that could lead to Denial-of-Service (DoS) attacks and post-authentication command execution. Affected models include DX5401-B1, EMG3525-T50B, and VMG3625-T50B. The company plans to roll out patched firmware updates for all impacted models by March 2026. Users are strongly advised to check their device status and apply firmware updates as soon as they become available. If the features are not required, disabling WAN access and UPnP is recommended to minimize potential risk.

Source: https://securityaffairs.com/188501/security/critical-zyxel-router-flaw-exposed-devices-to-remote-attacks.html