ByteOS Network

CVE Vulnerability Details :

CVE-2025-13943

PUBLISHED

More Info Official Page

Assigner-Zyxel

Assigner Org ID-96e50032-ad0d-4058-a115-4d2c13821f9f

Published At-24 Feb, 2026 | 02:38

Updated At-24 Feb, 2026 | 02:38

▼CVE Numbering Authority (CNA)

A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute operating system (OS) commands on an affected device.

Affected Products

Vendor

Zyxel Networks Corporation

Product

EX3301-T0 firmware

Default Status

unaffected

Versions

Affected

<= 5.50(ABVY.7)C0

Problem Types

Type	CWE ID	Description
CWE	CWE-78	CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Type: CWE

CWE ID: CWE-78

Description: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Metrics

Version	Base score	Base severity	Vector
3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Hyperlink	Resource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026	vendor-advisory

Hyperlink: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-null-pointer-dereference-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-02-24-2026

Resource:

vendor-advisory

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References