Zyxel security vulnerabilities

Multiple reports describe critical command-injection and remote-code-execution flaws across Zyxel routers, CPEs, NAS, and firewall products—some with public PoCs or active exploitation and unpatchable EoL models—prompting urgent firmware updates, mitigations, or device replacement.

List of posts related to this topic

Post Title	Date Published↓	Describes Incident	Feed
Zyxel Vulnerabilities Allow Remote Attackers to Execute Commands via Command Injection	2026-02-26	True	GBHackers Not Subscribed
Critical Zyxel router flaw exposed devices to remote attacks	2026-02-25	True	Security Affairs Not Subscribed
Zyxel warns of critical RCE flaw affecting over a dozen routers	2026-02-25	True	Bleeping Computer Not Subscribed
Zyxel won’t patch newly exploited flaws in end-of-life routers	2025-02-04	True	Bleeping Computer Not Subscribed
Unpatched Zyxel CPE Zero-Day Pummeled by Cyberattackers	2025-01-29	True	Dark Reading Not Subscribed
Zyxel warns of critical OS command injection flaw in routers	2024-09-03	True	Bleeping Computer Not Subscribed
Emergency patches released for critical vulns impacting EOL Zyxel NAS boxes	2024-06-05	True	The Register (Security) Not Subscribed
Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models	2024-06-05	True	The Hacker News Not Subscribed
Zyxel issues emergency RCE patch for end-of-life NAS devices	2024-06-04	True	Bleeping Computer Not Subscribed
CVE-2022-30525	2022-05-17	True	Arctic Wolf Blog Not Subscribed