Zyxel Addresses Critical RCE Flaw in Multiple Router Models

Zyxel Addresses Critical RCE Flaw in Multiple Router Models

First seen 25 Feb 2026, 13:10 UTC FeedlyBleepingcomputerHealthcareitnewsLinkedinSecurityaffairs.Co+6 83% similarity 67.6

Article Content

Browse articles
ThreatCluster

Zyxel has issued security updates for a critical remote command execution vulnerability, tracked as CVE-2025-13942, affecting various router models. The flaw exists in the UPnP function, allowing unauthenticated attackers to execute arbitrary OS commands on unpatched devices. Affected devices include Zyxel's 4G LTE/5G NR CPE, DSL/Ethernet CPE, Fiber ONTs, and wireless extenders.

ThreatCluster AI

Timeline

2025-02-04
CVE-2024-40891 published
2026-02-24
CVE-2025-13942 published
2026-02-24
CVE-2025-13943 published
2026-02-24
CVE-2026-1459 published
2026-02-24
CVE-2025-40540 published
2026-02-25
Zyxel releases security updates for affected devices

Community

Browse all →