Is CVE-2025-13942 actively exploited?

CVE-2025-13942 has no public evidence of in-the-wild exploitation as of 2026-02-25.

What is the CVSS score for CVE-2025-13942?

CVE-2025-13942 has a CVSS score of 9.8 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2025-13942?

Patch guidance is available from zyxel security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2025-13942.

Fix CVE-2025-13942 - CRITICAL zyxel wx5610-b0 firmware

Q: Which products are affected by CVE-2025-13942?

19 products: zyxel wx5610-b0 firmware, zyxel lte3301-plus firmware, zyxel nebula lte3301-plus firmware, zyxel nr7101 firmware, zyxel nebula nr7101 firmware, and 14 more.

Description

A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-78 · OS Command Injection

Metadata

Primary Vendor: ZYXEL
Published: 2/24/2026
Last Modified: 2/25/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

zyxel : wx5610-b0_firmwarezyxel : lte3301-plus_firmwarezyxel : nebula_lte3301-plus_firmwarezyxel : nr7101_firmwarezyxel : nebula_nr7101_firmwarezyxel : dx4510-b0_firmwarezyxel : dx4510-b1_firmwarezyxel : ee6510-10_firmwarezyxel : emg6726-b10a_firmwarezyxel : ex2210-t0_firmwarezyxel : ex3510-b0_firmwarezyxel : ex3510-b1_firmwarezyxel : ex5510-b0_firmwarezyxel : ex5512-t0_firmwarezyxel : ex7710-b0_firmwarezyxel : vmg4927-b50a_firmwarezyxel : px3321-t1_firmwarezyxel : px3321-t1_firmwarezyxel : px5301-t0_firmware

Remediation Guidance

Executive Summary

View on NIST NVD