CVE-2025-13943
HIGH
WAF: High
CVSS 8.8
Published: 2026-02-24
CWE-78
A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute operating system (OS) commands on an affected device.
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| zyxel | ee5301-00_firmware | up to 5.63(acld.2.1)c0 |
| zyxel | ee3301-00_firmware | up to 5.63(acmu.2.1)c0 |
| zyxel | dx5401-b1_firmware | up to 5.17(abyo.7.1)c0 |
| zyxel | dx4510-b1_firmware | up to 5.17(abyl.10.1)c0 |
| zyxel | dx4510-b0_firmware | up to 5.17(abyl.10.1)c0 |
| zyxel | dx3301-t0_firmware | up to 5.50(abvy.7.1)c0 |
| zyxel | dx3300-t1_firmware | up to 5.50(abvy.7.1)c0 |
| zyxel | dx3300-t0_firmware | up to 5.50(abvy.7.1)c0 |
| zyxel | ee6510-10_firmware | up to 5.19(acjq.4.1)c0 |
| zyxel | emg3525-t50b_firmware | up to 5.50(abpm.9.7)c0 |
References
- www.zyxel.com (Vendor Advisory)