Zyxel has published updates and security patches for several null pointer dereference and command injection vulnerabilities impacting multiple device types including:
- 4G LTE / 5G NR customer premises equipment (CPE)
- DSL & Ethernet CPE
- Fiber ONTs (Optical Network Terminals)
- Security routers
- Wireless extenders
These vulnerabilities affect devices only if the firmware version is older than the patched versions Zyxel lists. Users of affected devices are strongly advised to update firmware promptly to protect against potential attacks.
What the Vulnerabilities Do
The advisory covers both denial-of-service and command injection issues:
🔹 Null Pointer Dereference (DoS) Issues
These flaws can cause devices to crash or become unresponsive when a specially crafted HTTP request is sent — but only if an attacker already has administrator access:
- CVE-2025-11845 – certificate downloader program
- CVE-2025-11846 – account settings
- CVE-2025-11847 – IP settings
- CVE-2025-11848 – Wake-on-LAN handler
(All of these can result in denial-of-service if exploited after login.)
🔹 Command Injection Issues
These are more severe because they could let attackers execute OS-level commands:
- CVE-2025-13942 – UPnP function
  • May allow a remote attacker to execute system commands via specially crafted UPnP SOAP requests if UPnP and WAN access are enabled.
- CVE-2025-13943 – Log-file download function
  • An authenticated admin could execute commands in certain CPE/fiber/extender models.
- CVE-2026-1459 – TR-369 certificate download CGI
  • A post-authentication command injection affecting some DSL/Ethernet firmware.
Important: WAN (internet) access is disabled by default on these devices, meaning exploitation from outside the local network typically requires additional conditions like weak credentials or misconfiguration.
Affected Models & Firmware Updates
Zyxel has identified specific models and the minimum firmware versions that fix these flaws. Examples include:
| Product Category | Example Model | Vulnerable Firmware | Patched Version |
|---|---|---|---|
| 4G/5G NR CPE | Nebula FWA505 | ≤ 1.19(ACKO.0)C0 | 1.60(ACKO.2)V0 |
| DSL/Ethernet CPE | DX3300-T0 | ≤ 5.50(ABVY.7)C0 | 5.50(ABVY.7.1)C0 |
| Fiber ONT | EX3510-B0 | ≤ 5.17(ABUP.15.1)C0 | 5.17(ABUP.15.2)C0 |
| Security Router / Extender | EMG3525-T50B | ≤ 5.50(ABPM.9.6)C0 | 5.50(ABPM.9.7)C0 |
Zyxel’s tables in the advisory list many more specific models and their updated firmware versions.
Recommendations
To protect your network:
- Check your device model and current firmware version.
- Update to the latest fixed firmware released by Zyxel for your model.
- Ensure strong admin passwords to reduce risk of exploitation.
- If you use features like UPnP or remote WAN access, consider disabling them unless required.
- If your hardware is no longer receiving updates, consider replacing it.
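
An added example for the first two recommendations (not code from Zyxel or from this page's author): it compares a device's reported firmware string with the patched versions in the table above and flags anything older. The version-string layout, the left-to-right numeric ordering, the optional leading "V" and the inventory entries are assumptions made for illustration.

```python
import re

# Patched versions copied from the example table on this page; Zyxel's
# advisory lists many more models.
PATCHED = {
    "Nebula FWA505": "1.60(ACKO.2)V0",
    "DX3300-T0": "5.50(ABVY.7.1)C0",
    "EX3510-B0": "5.17(ABUP.15.2)C0",
    "EMG3525-T50B": "5.50(ABPM.9.7)C0",
}

# Assumed layout: [V]<major>.<minor>(<code>.<build>[.<sub>...])<suffix>
_VERSION = re.compile(r"^V?(\d+)\.(\d+)\(([A-Z]+)\.(\d+(?:\.\d+)*)\)\w*$")


def parse(version):
    """Return (code, numeric_tuple); raise ValueError if unrecognised."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware string: {version!r}")
    major, minor, code, build = m.groups()
    return code, (int(major), int(minor), *map(int, build.split(".")))


def status(model, running):
    """Classify a device as 'patched', 'vulnerable' or 'unknown'."""
    fixed = PATCHED.get(model)
    if fixed is None:
        return "unknown"  # model is not in the local table
    try:
        code, have = parse(running)
    except ValueError:
        return "unknown"  # do not guess from a string we cannot read
    fixed_code, need = parse(fixed)
    if code != fixed_code:
        return "unknown"  # firmware from a different build line
    # Assumption: fields order numerically left to right, suffix ignored.
    return "patched" if have >= need else "vulnerable"


if __name__ == "__main__":
    # Constructed inventory for illustration, not real devices.
    inventory = [
        ("DX3300-T0", "V5.50(ABVY.7)C0"),
        ("EX3510-B0", "5.17(ABUP.15.2)C0"),
        ("EMG3525-T50B", "5.50(ABPM.9.6)C0"),
        ("VMG0000-X", "1.00(AAAA.0)C0"),
    ]
    for model, fw in inventory:
        print(f"{model:14} {fw:22} {status(model, fw)}")
```

A result of "unknown" means the model or string is outside this small table and should be checked against Zyxel's full advisory rather than treated as safe.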
