Volerion logoVolerion
Volerion logoVolerion

Zyxel EX3510-B0 Command Injection Vulnerability in UPnP Function

Vulnerability

A command injection vulnerability has been identified in the UPnP function of the Zyxel EX3510-B0 firmware, affecting versions through 5.17(ABUP.15.1)C0. This vulnerability could allow a remote attacker to execute operating system commands on the affected device by sending specially crafted UPnP SOAP requests. The issue arises because the UPnP function can be exploited remotely if both WAN access and UPnP are enabled, despite WAN access being disabled by default.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of operating system commands on the affected device.

Remediation

Users can update to Zyxel's EX3510-B0 firmware version 5.17(ABUP.15.2)C0 to address this vulnerability.

Added: Feb 24, 2026, 3:35 AM
Updated: Feb 24, 2026, 3:35 AM

Vulnerability Rating

Custom Algorithm
spread
4.5
impact
7.5
exploitability
7.0
remediation
7.7
relevance
3.1
threat
0.0
urgency
2.9
incentive
4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.