
Zyxel Warns of Critical RCE Flaw Affecting over a Dozen Routers

BleepingComputer • February 25, 2026

Companies Mentioned

Zyxel

3704

Why It Matters

The flaw exposes millions of broadband endpoints to remote takeover, amplifying attack surface for ISPs and enterprise networks. Prompt patching and device replacement are essential to prevent large‑scale exploitation.

Key Takeaways

  • Critical RCE flaw affects 12+ Zyxel router models.
  • Exploit needs both UPnP and WAN access enabled.
  • 120k Zyxel devices exposed online, 76k routers.
  • Zyxel patched two high‑severity post‑auth command‑injection bugs.
  • Legacy routers unpatched; replacement strongly recommended.

Pulse Analysis

The newly disclosed CVE‑2025‑13942 underscores a persistent weakness in consumer‑grade networking gear: the UPnP service can be weaponized to execute arbitrary OS commands when exposed to the internet. While Zyxel’s firmware updates close the gap, the vulnerability’s reliance on both UPnP and WAN access—features often left disabled by default—means that only poorly configured deployments are truly at risk. Nonetheless, the sheer volume of exposed devices, highlighted by Shadowserver’s count of over 120,000 internet‑facing Zyxel units, magnifies the potential impact for service providers and their downstream customers.

Beyond the immediate RCE issue, Zyxel’s simultaneous patching of two post‑authentication command‑injection bugs (CVE‑2025‑13943 and CVE‑2026‑1459) reflects a broader trend of layered vulnerabilities in network infrastructure. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is already tracking a dozen Zyxel flaws exploited in the wild, indicating that attackers are actively scanning for any misconfiguration. ISP‑deployed routers, which often ship with default credentials and minimal hardening, become attractive footholds for botnets, ransomware delivery, and lateral movement within corporate networks.

Mitigation now hinges on three practical steps: apply Zyxel’s latest firmware patches, verify that UPnP and WAN access are disabled unless explicitly required, and retire legacy models flagged as end‑of‑life. For enterprises managing thousands of endpoints, automated patch management tools and inventory audits are essential to ensure compliance. Meanwhile, the recommendation to replace unpatchable devices with newer, supported hardware not only reduces immediate exposure but also aligns with best practices for supply‑chain resilience and long‑term security posture. As the market continues to adopt 5G and fiber‑optic CPE, vendors must prioritize secure default configurations to curb the next wave of remote exploitation.
