Zyxel has patched a vulnerability in its devices.

Zyxel released security updates addressing a critical command‑injection flaw affecting the UPnP feature in 18 routers, ONTs, and wireless extenders. The bug allows remote code execution via crafted UPnP SOAP requests, though WAN access must be enabled for exploitation. Additional high‑severity vulnerabilities permit authenticated attackers to execute OS commands through log file and certificate‑related functions. Zyxel also fixed several null pointer dereference bugs and published firmware updates for all affected devices.

Read more:

https://www.securityweek.com/zyxel-patches-critical-vulnerability-in-many-device-models/