Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Zyxel EX3510-B0: Remote attacker can run commands on your router
CVE-2025-13942
Summary
The Zyxel EX3510-B0 router has a security flaw that could allow a hacker to send a malicious request to the router and gain control over it, potentially allowing them to access or damage your network. This is a critical issue affecting all versions of the router's firmware up to 5.17(ABUP.15.1)C0. To stay safe, update your router's firmware to the latest version as soon as possible.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| zyxel | wx5610-b0_firmware | <= 5.18\(acgj.0.5\)c0 | – |
| zyxel | lte3301-plus_firmware | <= 1.00\(abqu.9\)c0 | – |
| zyxel | nebula_lte3301-plus_firmware | <= 1.18\(acca.6\)v0 | – |
| zyxel | nr7101_firmware | <= 1.00\(abuv.12\)b2 | – |
| zyxel | nebula_nr7101_firmware | <= 1.16\(accc.1\)v0 | – |
| zyxel | dx4510-b0_firmware | <= 5.17\(abyl.10.1\)c0 | – |
| zyxel | dx4510-b1_firmware | <= 5.17\(abyl.10.1\)c0 | – |
| zyxel | ee6510-10_firmware | <= 5.19\(acjq.4.1\)c0 | – |
| zyxel | emg6726-b10a_firmware | <= 5.13\(abnp.8.2\)c1 | – |
| zyxel | ex2210-t0_firmware | <= 5.50\(acdi.2.4\)c0 | – |
| zyxel | ex3510-b0_firmware | <= 5.17\(abup.15.2\)c0 | – |
| zyxel | ex3510-b1_firmware | <= 5.17\(abup.15.2\)c0 | – |
| zyxel | ex5510-b0_firmware | <= 5.17\(abqx.11.1\)c0 | – |
| zyxel | ex5512-t0_firmware | <= 5.70\(aceg.5.4\)c0 | – |
| zyxel | ex7710-b0_firmware | <= 5.18\(acak.1.6\)c0 | – |
| zyxel | vmg4927-b50a_firmware | <= 5.13\(ably.10.2\)c0 | – |
| zyxel | px3321-t1_firmware | <= 5.44\(acjb.1.5\)c0 | – |
| zyxel | px3321-t1_firmware | <= 5.44\(achk.3\)c0 | – |
| zyxel | px5301-t0_firmware | <= 5.44\(ackb.0.6\)c0 | – |
Original title
A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on ...
Original description
A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17(ABUP.15.1)C0 could allow a remote attacker to execute operating system (OS) commands on an affected device by sending specially crafted UPnP SOAP requests.
nvd CVSS3.1
9.8
Vulnerability type
CWE-78
OS Command Injection
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026