Skip to content

News
Cybercrime
Risk
Policy
Privacy
Research
Cloud
Insurance

LinkedIn
Facebook

CVE-2025-13942

Zyxel issues patches for critical UPnP command injection affecting dozens of routers

News, Vendors, Vulnerabilities

February 26, 2026

Zyxel released updates for a critical UPnP command injection, CVE-2025-13942, that can allow unauthenticated remote command execution on many routers. Exploitation requires UPnP and WAN access to be enabled and patches are available.

About
Editorial Policy
Privacy
Contact