CVE-2025-13943 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: February 24, 2026
Zyxel EX3301-T0 - Command Injection
Overview
Zyxel EX3301-T0 <= 5.50(ABVY.7)C0 contains a command injection caused by improper input handling in the log file download function, letting authenticated attackers execute OS commands on the device.
Severity & Score
Impact
Authenticated attackers can execute arbitrary OS commands, potentially leading to full device compromise.
Mitigation
Update to the latest firmware version beyond 5.50(ABVY.7)C0.
Social Media Activity(1 post)
Zyxel addresses critical CVE-2025-13942 RCE affecting UPnP in 4G/5G CPEs, DSL/Ethernet, Fiber ONTs, and wireless extenders. Exploitation requires WAN + UPnP enabled; Shadowserver tracks ~120k exposed devices. Additional post-auth command-injection flaws (CVE-2025-13943, CVE-2026-1459) patched. EOL devices (VMG1312, VMG3312/13, SBG3300/3500) remain unpatched; replacement recommended. Mitigation recommendations: • Apply firmware updates immediately • Disable unnecessary UPnP/WAN access • Monitor network exposure of legacy devices • Track patched vs. unpatched CPEs/routers in enterprise inventories Source: https://www.bleepingcomputer.com/news/security/zyxel-warns-of-critical-rce-flaw-affecting-over-a-dozen-routers/ How are you prioritizing critical RCE patches for network devices? Comment below and follow for in-depth threat reporting. #NetworkSecurity #IoTSecurity #PatchManagement #RCE #RouterSecurity #CVE #ThreatIntel #Infosec #ZeroTrust #EnterpriseSecurity
View original postRelated Resources
Details
- CVE ID
- CVE-2025-13943
- Severity
- High
- CVSS Score
- 8.8
- Type
- command_injection
- Status
- unconfirmed
- EPSS
- 17.9%
- Social Posts
- 1
CWE
- CWE-78
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H