Main Vulnerability Database SB2026022439

SB2026022439 - OS Command Injection in Zyxel products

Published: February 24, 2026

Security Bulletin ID SB2026022439

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) OS Command Injection (CVE-ID: CVE-2025-13943)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the log file download function. A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026

Vulnerable Software

DM4200-B0: 5.17(ACBS.1.5)C0 and previous versions
DX3300-T0: 5.50(ABVY.7)C0 and previous versions
DX3300-T1: 5.50(ABVY.7)C0 and previous versions
DX3301-T0: 5.50(ABVY.7)C0 and previous versions
DX4510-B0: 5.17(ABYL.10)C0 and previous versions
DX4510-B1: 5.17(ABYL.10)C0 and previous versions
DX5401-B1: 5.17(ABYO.7)C0 and previous versions
EE3301-00: 5.63(ACMU.2)C0 and previous versions
EE5301-00: 5.63(ACLD.2)C0 and previous versions
EE6510-10: 5.19(ACJQ.4)C0 and previous versions
EMG3525-T50B: 5.50(ABPM.9.6)C0 and previous versions
EMG5523-T50B: 5.50(ABPM.9.6)C0 and previous versions
EMG6726-B10A: 5.13(ABNP.8.1)C1 and previous versions
EX2210-T0: 5.50(ACDI.2.3)C0 and previous versions
EX3300-T0: 5.50(ABVY.7)C0 and previous versions
EX3300-T1: 5.50(ABVY.7)C0 and previous versions
EX3301-T0: 5.50(ABVY.7)C0 and previous versions
EX3500-T0: 5.44(ACHR.5)C0 and previous versions
EX3501-T0: 5.44(ACHR.5)C0 and previous versions
EX3510-B0: 5.17(ABUP.15.1)C0 and previous versions
EX3510-B1: 5.17(ABUP.15.1)C0 and previous versions
EX3600-T0: 5.70(ACIF.2)C0 and previous versions
EX5401-B1: 5.17(ABYO.7)C0 and previous versions
EX5510-B0: 5.17(ABQX.11)C0 and previous versions
EX5512-T0: 5.70(ACEG.5.3)C0 and previous versions
EX5601-T0: 5.70(ACDZ.5)C0 and previous versions
EX5601-T1: 5.70(ACDZ.5)C0 and previous versions
EX7501-B0: 5.18(ACHN.3)C0 and previous versions
EX7710-B0: 5.18(ACAK.1.5)C0 and previous versions
GM4100-B0: 5.18(ACCL.1.1)C0 and previous versions
VMG3625-T50B: 5.50(ABPM.9.6)C0 and previous versions
VMG4005-B50A: 5.17(ABQA.3.1)C0 and previous versions
VMG4005-B60A: 5.17(ABQA.3.1)C0 and previous versions
VMG4927-B50A: 5.13(ABLY.10.1)C0 and previous versions
VMG8623-T50B: 5.50(ABPM.9.6)C0 and previous versions
AM7510-00: 5.63(ACOR.0)C0 and previous versions
AX7501-B1: 5.17(ABPC.7)C0 and previous versions
PE3301-00: 5.63(ACMT.2)C0 and previous versions
PE5301-01: 5.63(ACOJ.2)C0 and previous versions
PM3100-T0: 5.42(ACBF.4.1)C0 and previous versions
PM5100-T0: 5.42(ACBF.4.1)C0 and previous versions
PM5100-T1: 5.42(ACBF.4.1)C0 and previous versions
PM7300-T0: 5.42(ABYY.4)C0 and previous versions
PM7500-00: 5.61(ACKK.1.1)C0 and previous versions
PX3321-T1: 5.44(ACJB.1.5)C0 and previous versions
PX5301-T0: 5.44(ACKB.0.5)C0 and previous versions
WE3300-00: 5.70(ACKA.1)C0 and previous versions
WE4600-00: 5.63(ACOR.0)C0 and previous versions
WX3100-T0: 5.50(ABVL.4.8)C0 and previous versions
WX3401-B1: 5.17(ABVE.2.9)C0 and previous versions
WX5600-T0: 5.70(ACEB.5)C0 and previous versions
WX5610-B0: 5.18(ACGJ.0.4)C0 and previous versions

SB2026022439 - OS Command Injection in Zyxel products

Breakdown by Severity

Description

Remediation

References

Please verify you're human