Skip to main content

Zyxel DX3300-T0 CVE-2026-0711

| EUVDEUVD-2026-25968 MEDIUM
OS Command Injection (CWE-78)
2026-04-28 Zyxel
6.8
CVSS 3.1 · Vendor: Zyxel
Share

Severity by source

Vendor (Zyxel) PRIMARY
6.8 MEDIUM
AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (Zyxel) · only source for this CVE.

CVSS VectorVendor: Zyxel

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Apr 28, 2026 - 03:15 vuln.today
EUVD ID Assigned
Apr 28, 2026 - 03:00 euvd
EUVD-2026-25968
Analysis Generated
Apr 28, 2026 - 03:00 vuln.today
CVE Published
Apr 28, 2026 - 01:57 nvd
MEDIUM 6.8

DescriptionCVE.org

A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device.

AnalysisAI

Command injection in EasyMesh APIs of Zyxel DX3300-T0 firmware through version 5.50(ABVY.7.1)C0 allows authenticated administrators with adjacent network access to execute arbitrary OS commands on the device. The vulnerability requires both administrator privileges and adjacent network positioning (AV:A), significantly limiting exposure to local network attackers rather than remote threat actors. CVSS 6.8 reflects high confidentiality, integrity, and availability impact but is constrained by elevated privilege and adjacency requirements.

Technical ContextAI

The vulnerability exists in the EasyMesh-related APIs, a mesh networking protocol component in Zyxel CPE (customer premises equipment) firmware. EasyMesh APIs handle inter-device communication in mesh topologies and may process command parameters without proper sanitization. CWE-78 (OS Command Injection) indicates the APIs fail to neutralize special characters or metacharacters in user-supplied input before passing it to OS command execution functions, likely in a web interface or local management API. The affected device is a 4G/LTE/5G NR CPE (cellular gateway), running embedded Linux-based firmware vulnerable in versions up to 5.50(ABVY.7.1)C0.

RemediationAI

Apply the vendor-released firmware patch from Zyxel security advisory (https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wireless-extenders-04-28-2026) to upgrade DX3300-T0 firmware beyond version 5.50(ABVY.7.1)C0. Pending patch deployment, restrict administrative access to the device web interface and EasyMesh management APIs to trusted local network segments using network segmentation and access control lists. Disable EasyMesh functionality if not operationally required, as this is the attack surface. Monitor local network for anomalous API calls to EasyMesh endpoints. Rotate any shared or potentially compromised administrator credentials before patching, as the vulnerability requires authenticated admin access.

CVE-2025-13943 HIGH
8.8 Feb 24

A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware

CVE-2024-8748 HIGH
7.5 Dec 03

A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmwa

CVE-2024-5412 HIGH
7.5 Sep 03

A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 cou

CVE-2025-11845 MEDIUM
4.9 Feb 24

A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware ve

CVE-2025-11848 MEDIUM
4.9 Feb 24

A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version throu

CVE-2025-11847 MEDIUM
4.9 Feb 24

A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions thro

CVE-2025-11846 MEDIUM
4.9 Feb 24

A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions

CVE-2024-9197 MEDIUM
4.9 Dec 03

A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B f

CVE-2024-38269 MEDIUM
4.9 Sep 24

An improper restriction of operations within the bounds of a memory buffer in the USB file-sharing handler of the Zyxel

CVE-2024-38268 MEDIUM
4.9 Sep 24

An improper restriction of operations within the bounds of a memory buffer in the MAC address parser of the Zyxel VMG882

CVE-2024-38267 MEDIUM
4.9 Sep 24

An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser of the Zyxel VMG88

CVE-2024-38266 MEDIUM
4.9 Sep 24

An improper restriction of operations within the bounds of a memory buffer in the parameter type parser of the Zyxel VMG

Share

CVE-2026-0711 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy