CVE-2026-0711

A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device...

CVE-2026-1460

A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected...

CVE-2026-1460

A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected...

CVE-2026-0711

A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device...

EUVD-2026-25970

A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected...

CVE-2026-1460

CVE-2026-1460 affects Zyxel DX3301-T0 and EX3301-T0 devices up to firmware 5.50(ABVY.7.1)C0. A post-authentication command-injection vulnerability exists in the DHCP configuration file’s DomainName parameter. An authenticated attacker with administrator privileges could execute OS commands on an ...

CVE-2026-1460

A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected...

CVE-2026-0711

The CVE-2026-0711 issue affects Zyxel DX3300-T0 devices with firmware up to 5.50(ABVY.7.1)C0, where a post-authentication command injection exists in the EasyMesh-related APIs. An authenticated, adjacent attacker with administrator privileges can execute OS commands on the device, enabling high i...

EUVD-2026-25968

A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device...

CVE-2026-0711

A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device...

CVE-2026-0711

A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device...

PT-2026-35646

A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected...

PT-2026-35645

A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50ABVY.7.1C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device...

Zyxel DX3301-T0和Zyxel EX3301-T0 操作系统命令注入漏洞

Both the Zyxel DX3301-T0 and Zyxel EX3301-T0 are products of the Chinese company Zyxel. The Zyxel DX3301-T0 is a small wireless WiFi router. The Zyxel EX3301-T0 is a secure routing gateway. Both the Zyxel DX3301-T0 and Zyxel EX3301-T0, including versions 5.50ABVY.7.1C0 and earlier, have an...

Zyxel DX3300-T0 操作系统命令注入漏洞

The Zyxel DX3300-T0 is a small wireless WiFi router produced by the Chinese company Zyxel. Versions of the Zyxel DX3300-T0 prior to 5.50ABVY.7.1C0 contained an operating system command injection vulnerability. This vulnerability stemmed from a command injection flaw in the APIs related to EasyMes...

CVE-2025-11848

A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50ABPM.9.6C0 and the Zyxel WX3100-T0 firmware versions through 5.50ABVL.4.8C0 could allow an authenticated attacker with administrator privileges to trigger a...

CVE-2025-11846

A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.6C0 and the Zyxel WX3100-T0 firmware versions through 5.50ABVL.4.8C0 could allow an authenticated attacker with administrator privileges to trigger a...

CVE-2025-11847

A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.6C0 and the Zyxel WX3100-T0 firmware versions through 5.50ABVL.4.8C0 could allow an authenticated attacker with administrator privileges to trigger a...

CVE-2025-11845

A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50ABPM.9.6C0 and the Zyxel WX3100-T0 firmware versions through 5.50ABVL.4.8C0 could allow an authenticated attacker with administrator privileges to trigger a...

CVE-2025-13943

A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50ABVY.7C0 could allow an authenticated attacker to execute operating system OS commands on an affected device...