CISA recently issued alerts regarding critical vulnerabilities in Zyxel Router firmware. These vulnerabilities, if exploited, could allow attackers to execute unauthorized commands on affected devices.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
VULNERABILITIES
The following are the latest Known Exploited Vulnerabilities, including those affecting Zyxel routers, recently released by CISA in conjunction with the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD).
Vendor/Product: Zyxel AX7501-B1 Router Firmware
Description: A post-authentication command injection vulnerability in the "zyUtilMailSend" function of certain DSL/Ethernet CPE, fiber ONT, and WiFi extender firmware versions.
Impact: An authenticated attacker with administrator privileges could execute operating system (OS) commands on the device.
Source: CVE-2024-12010
Max Severity: High
CVSS Score: 7.2
Mitigation: Ensure all Zyxel devices are running the latest firmware versions. Check Zyxel's official website for updates and patches.
Vendor/Product: Zyxel EX5601-T1 Router Firmware
Description: A post-authentication command injection vulnerability in the "ZyEE" function of certain DSL/Ethernet CPE, fiber ONT, and WiFi extender firmware versions.
Impact: Similar to the AX7501-B1, this vulnerability allows an authenticated attacker with administrator privileges to execute OS commands.
Source: CVE-2024-12009
Max Severity: High
CVSS Score: 7.2
Mitigation: Ensure all Zyxel devices are running the latest firmware versions. Check Zyxel's official website for updates and patches.
Vendor/Product: Zyxel VMG8825-T50K Router Firmware
Description: A post-authentication command injection vulnerability in the "DNSServer" parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and earlier.
Impact: This vulnerability could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.
Source: CVE-2025-11253
Max Severity: High
CVSS Score: 7.2
Mitigation: Ensure all Zyxel devices are running the latest firmware versions. Check Zyxel's official website for updates and patches.