Gbhackers
Zyxel Addresses Critical RCE Flaw in Multiple Router Models
First seen 25 Feb 2026, 13:10 UTC
•



+6
•83% similarity
•67.6
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
Zyxel has issued security updates for a critical remote command execution vulnerability, tracked as CVE-2025-13942, affecting various router models. The flaw exists in the UPnP function, allowing unauthenticated attackers to execute arbitrary OS commands on unpatched devices. Affected devices include Zyxel's 4G LTE/5G NR CPE, DSL/Ethernet CPE, Fiber ONTs, and wireless extenders.
ThreatCluster AI
Timeline
2025-02-04
CVE-2024-40891 published
2026-02-24
CVE-2025-13942 published
2026-02-24
CVE-2025-13943 published
2026-02-24
CVE-2026-1459 published
2026-02-24
CVE-2025-40540 published
2026-02-25
Zyxel releases security updates for affected devices