Critical (9.8)

Zyxel Command Injection (CVE-2025-13942)

CVE-2025-13942

A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an ...

Affected: Zyxel

Security Advisory: Critical Command Injection Vulnerability in Zyxel EX3510-B0 UPnP Service

Overview

A critical security flaw has been identified in certain Zyxel EX3510-B0 routers. This vulnerability exists within the Universal Plug and Play (UPnP) service, a common feature that allows devices on a network to automatically discover and communicate with each other. Due to improper validation of input, a remote attacker can exploit this flaw to inject and execute arbitrary operating system commands on the affected device.

Vulnerability Details

The vulnerability is a command injection flaw in the UPnP function of the Zyxel EX3510-B0 firmware. Specifically, it affects firmware versions 5.17(ABUP.15.1)C0 and all prior versions.

The UPnP service listens for requests from devices on the network. By sending a specially crafted SOAP request (a type of network message used by UPnP), an attacker can trick the router into executing malicious commands with the device’s system-level privileges. This attack can be performed remotely without requiring authentication to the device.

The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 9.8 (CRITICAL), indicating a severe risk.

Potential Impact

If successfully exploited, this vulnerability can have severe consequences:

  • Full Device Compromise: An attacker can gain complete control over the router, allowing them to modify its configuration, intercept network traffic, or disable it entirely.
  • Network Infiltration: A compromised router can serve as a foothold to launch further attacks against other computers, phones, and servers on the internal network.
  • Malware Deployment: Attackers could install persistent malware or use the router as part of a botnet for activities like distributed denial-of-service (DDoS) attacks.
  • Data Theft: Sensitive data passing through the router could be monitored, intercepted, or redirected.

Affected Products

  • Model: Zyxel EX3510-B0
  • Affected Firmware Versions: All versions up to and including 5.17(ABUP.15.1)C0.
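An inventory check for the affected range above, as an added example that is not part of the original advisory and is not Zyxel tooling. The version-string layout and ordering rule are assumptions, and the hosts, sample versions and the `ZZZZ` model code are constructed.

```python
import re

# Last affected release, as stated in this advisory.
LAST_AFFECTED = "5.17(ABUP.15.1)C0"

# Assumed layout: [V]<major>.<minor>(<model code>.<patch>[.<patch>])C<release>
_FW_RE = re.compile(r"^\s*V?(\d+)\.(\d+)\(([A-Z]+)\.(\d+(?:\.\d+)*)\)C(\d+)\s*$", re.I)

def parse_version(text):
    """Return (model_code, sortable_key); raise ValueError if unrecognised."""
    m = _FW_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    major, minor, code, patch, release = m.groups()
    patch_key = tuple(int(p) for p in patch.split("."))
    return code.upper(), ((int(major), int(minor)), patch_key, int(release))

def is_affected(installed, last_affected=LAST_AFFECTED):
    """True/False for the same model code, None for a different model code."""
    ref_code, ref_key = parse_version(last_affected)
    code, key = parse_version(installed)
    if code != ref_code:
        return None
    # Assumed ordering: version, then patch numbers, then C release.
    return key <= ref_key

def triage(inventory):
    """Map each host to a status string for patch planning."""
    report = {}
    for host, version in inventory:
        try:
            verdict = is_affected(version)
        except ValueError:
            report[host] = "unparseable, check manually"
            continue
        report[host] = {True: "affected", False: "newer than last affected",
                        None: "different model code"}[verdict]
    return report

# Constructed sample inventory; hosts, versions and the ZZZZ code are made up.
INVENTORY = [
    ("cpe-01", "V5.17(ABUP.15.1)C0"),
    ("cpe-02", "5.17(ABUP.14)C0"),
    ("cpe-03", "V5.17(ABUP.16)C0"),
    ("cpe-04", "V5.17(ZZZZ.1)C0"),
    ("cpe-05", "n/a"),
]
```

Call `triage(INVENTORY)` with rows exported from your own asset database; anything reported as unparseable should be checked by hand rather than assumed safe.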

Remediation and Mitigation

Immediate action is required to protect affected devices.

Primary Solution - Apply a Firmware Update: Zyxel has released a firmware update to address this vulnerability. Users and administrators must:

  1. Check the official Zyxel support portal for the latest firmware release for the EX3510-B0 model.
  2. Upgrade the device firmware to a version newer than 5.17(ABUP.15.1)C0 as soon as possible.

Interim Mitigation (If Update is Not Immediately Possible): If updating is delayed, consider these steps to reduce risk:

  • Disable UPnP: Log into the router’s web administration interface and disable the UPnP (Universal Plug and Play) feature. This will break the automatic functionality for some applications and devices (like gaming consoles) but removes the attack vector.
  • Restrict Access: Ensure the router’s management interface is not exposed to the public internet (WAN). It should only be accessible from your local area network (LAN).

General Recommendation: Always maintain network devices on the latest firmware provided by the vendor to ensure known security vulnerabilities are patched.
