ГлавнаяУязвимости → CVE-2025-13942
9.8критическая

CVE-2025-13942

Описание

A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests.

Затрагиваемое ПО
Zyxel Wx5610-b0 firmwareZyxel Wx5610-b0Zyxel Lte3301-plus firmwareZyxel Lte3301-plusZyxel Nebula lte3301-plus firmwareZyxel Nebula lte3301-plusZyxel Nr7101 firmwareZyxel Nr7101Zyxel Nebula nr7101 firmwareZyxel Nebula nr7101Zyxel Dx4510-b0 firmwareZyxel Dx4510-b0Zyxel Dx4510-b1 firmwareZyxel Dx4510-b1Zyxel Ee6510-10 firmwareZyxel Ee6510-10Zyxel Emg6726-b10a firmwareZyxel Emg6726-b10aZyxel Ex2210-t0 firmwareZyxel Ex2210-t0Zyxel Ex3510-b0 firmwareZyxel Ex3510-b0Zyxel Ex3510-b1 firmwareZyxel Ex3510-b1Zyxel Ex5510-b0 firmware
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026