CVE-2025-13943NVD

Vulnerability Summary

A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute operating system (OS) commands on an affected device.

Severity Level

HIGH(8.8)

Published Date

Feb 24, 2026

Last Modified

Feb 25, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.04%Probability

Root Weakness (CWE)

CWE-78: OS Command Injection ↗

The software constructs all or part of an OS command using externally-influenced input, but does not properly neutralize special elements.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026

Critical Alert 2 Active Exploits Detected Today

Critical Alert

CVE Watchtower

CVE-2025-13943NVD

Vulnerability Summary

External References