CVE-2026-0711

A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device...

CVE-2026-1460

A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected...

CVE-2025-11845

A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.6C0 and the Zyxel WX3100-T0 firmware versions through 5.50ABVL.4.8C0 could allow an authenticated attacker with administrator privileges to trigger a...

CVE-2025-13943

A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50ABVY.7C0 could allow an authenticated attacker to execute operating system OS commands on an affected device...

CVE-2025-6599

An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50ABVY.6.3C0 and earlier could allow an attacker to perform Slowloris‑style denial‑of‑service DoS attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt...