Zyxel warns of critical RCE flaw affecting over a dozen routers

Bleeping Computer
by Sergiu Gatlan
February 25, 2026
AI-Generated Deep Dive Summary
Zyxel, a leading networking provider in Taiwan, has issued critical security updates to address multiple vulnerabilities affecting over a dozen of its router models. The primary concern is CVE-2025-13942, a remote command execution flaw found in Zyxel's 4G LTE/5G NR CPE devices, DSL/Ethernet CPEs, Fiber ONTs, and wireless extenders. This vulnerability allows unauthenticated attackers to execute OS commands via maliciously crafted UPnP SOAP requests if both UPnP and WAN access are enabled—though the latter is disabled by default. Zyxel has released patches for this issue and two additional high-severity post-authentication command-injection
Originally published on Bleeping Computer on 2/25/2026