8.8

CVE-2025-8693

A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an authenticated attacker to execute operating system (OS) commands on an affected device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZyxelDm4200-b0 Firmware Version <= 5.17\(acbs.1.3\)c0
   ZyxelDm4200-b0 Version-
ZyxelDx3300-t0 Firmware Version <= 5.50\(abvy.6.3\)c0
   ZyxelDx3300-t0 Version-
ZyxelDx3300-t1 Firmware Version <= 5.50\(abvy.6.3\)c0
   ZyxelDx3300-t1 Version-
ZyxelDx3301-t0 Firmware Version <= 5.50\(abvy.6.3\)c0
   ZyxelDx3301-t0 Version-
ZyxelDx4510-b1 Firmware Version <= 5.17\(abyl.9\)c0
   ZyxelDx4510-b1 Version-
ZyxelDx5401-b0 Firmware Version <= 5.17\(abyo.7\)b2
   ZyxelDx5401-b0 Version-
ZyxelDx5401-b1 Firmware Version <= 5.17\(abyo.7\)b2
   ZyxelDx5401-b1 Version-
ZyxelEe3301-00 Firmware Version <= 5.63\(acmu.1.1\)c0
   ZyxelEe3301-00 Version-
ZyxelEe5301-00 Firmware Version <= 5.63\(acld.1.1\)c0
   ZyxelEe5301-00 Version-
ZyxelEe6510-10 Firmware Version <= 5.19\(acjq.3\)c0
   ZyxelEe6510-10 Version-
ZyxelEx3300-t0 Firmware Version <= 5.50\(abvy.6.3\)c0
   ZyxelEx3300-t0 Version-
ZyxelEx3300-t0 Firmware Version <= 5.50\(acdi.2.1\)c0
   ZyxelEx3300-t0 Version-
ZyxelEx3300-t1 Firmware Version <= 5.50\(abvy.6.3\)c0
   ZyxelEx3300-t1 Version-
ZyxelEx3301-t0 Firmware Version <= 5.50\(abvy.6.3\)c0
   ZyxelEx3301-t0 Version-
ZyxelEx3500-t0 Firmware Version <= 5.44\(achr.4\)c0
   ZyxelEx3500-t0 Version-
ZyxelEx3501-t0 Firmware Version <= 5.44\(achr.4\)c0
   ZyxelEx3501-t0 Version-
ZyxelEx3510-b0 Firmware Version <= 5.17\(abup.15\)c0
   ZyxelEx3510-b0 Version-
ZyxelEx3510-b1 Firmware Version <= 5.17\(abup.15\)c0
   ZyxelEx3510-b1 Version-
ZyxelEx3600-t0 Firmware Version <= 5.70\(acif.1.2\)c0
   ZyxelEx3600-t0 Version-
ZyxelEx5401-b0 Firmware Version <= 5.17\(abyo.7\)b2
   ZyxelEx5401-b0 Version-
ZyxelEx5401-b1 Firmware Version <= 5.17\(abyo.7\)b2
   ZyxelEx5401-b1 Version-
ZyxelEx5501-b0 Firmware Version <= 5.17\(abry.5.5\)c0
   ZyxelEx5501-b0 Version-
ZyxelEx5510-b0 Firmware Version <= 5.17\(abqx.10\)c0
   ZyxelEx5510-b0 Version-
ZyxelEx5512-t0 Firmware Version <= 5.70\(aceg.5\)c0
   ZyxelEx5512-t0 Version-
ZyxelEx5601-t0 Firmware Version <= 5.70\(acdz.4.1\)c0
   ZyxelEx5601-t0 Version-
ZyxelEx5601-t1 Firmware Version <= 5.70\(acdz.4.1\)c0
   ZyxelEx5601-t1 Version-
ZyxelEx7501-b0 Firmware Version <= 5.18\(achn.2.1\)c0
   ZyxelEx7501-b0 Version-
ZyxelEx7710-b0 Firmware Version <= 5.18\(acak.1.4\)c0
   ZyxelEx7710-b0 Version-
ZyxelEmg3525-t50b Firmware Version <= 5.50\(abpm.9.5\)c0
   ZyxelEmg3525-t50b Version-
ZyxelEmg5523-t50b Firmware Version <= 5.50\(abpm.9.5\)c0
   ZyxelEmg5523-t50b Version-
ZyxelEmg5723-t50k Firmware Version <= 5.50\(abom.8.6\)c0
   ZyxelEmg5723-t50k Version-
ZyxelGm4100-b0 Firmware Version <= 5.18\(accl.1\)c0
   ZyxelGm4100-b0 Version-
ZyxelVmg3625-t50b Firmware Version <= 5.50\(abpm.9.5\)c0
   ZyxelVmg3625-t50b Version-
ZyxelVmg3927-t50k Firmware Version <= 5.50\(abom.8.6\)c0
   ZyxelVmg3927-t50k Version-
ZyxelVmg4005-b50a Firmware Version <= 5.17\(abqa.3\)c0
   ZyxelVmg4005-b50a Version-
ZyxelVmg4005-b60a Firmware Version <= 5.17\(abqa.3\)c0
   ZyxelVmg4005-b60a Version-
ZyxelVmg4005-b50b Firmware Version <= 5.13\(abrl.5.3\)c0
   ZyxelVmg4005-b50b Version-
ZyxelVmg8623-t50b Firmware Version <= 5.50\(abpm.9.5\)c0
   ZyxelVmg8623-t50b Version-
ZyxelVmg8825-t50k Firmware Version <= 5.50\(abom.8.6\)c0
   ZyxelVmg8825-t50k Version-
ZyxelAx7501-b0 Firmware Version <= 5.17\(abpc.6.1\)c0
   ZyxelAx7501-b0 Version-
ZyxelAx7501-b1 Firmware Version <= 5.17\(abpc.6.1\)c0
   ZyxelAx7501-b1 Version-
ZyxelPe3301-00 Firmware Version <= 5.63\(acmt.1.1\)c0
   ZyxelPe3301-00 Version-
ZyxelPe5301-01 Firmware Version <= 5.63\(acoj.1.1\)c0
   ZyxelPe5301-01 Version-
ZyxelPm3100-t0 Firmware Version <= 5.42\(acbf.3\)c0
   ZyxelPm3100-t0 Version-
ZyxelPm5100-t0 Firmware Version <= 5.42\(acbf.3\)c0
   ZyxelPm5100-t0 Version-
ZyxelPm7500-00 Firmware Version <= 5.61\(ackk.1\)c0
   ZyxelPm7500-00 Version-
ZyxelPm7300-t0 Firmware Version <= 5.42\(abyy.3\)c0
   ZyxelPm7300-t0 Version-
ZyxelPx3321-t1 Firmware Version <= 5.44\(acjb.1.3\)c0
   ZyxelPx3321-t1 Version-
ZyxelPx3321-t1 Firmware Version <= 5.44\(achk.1\)c0
   ZyxelPx3321-t1 Version-
ZyxelPx5301-t0 Firmware Version <= 5.44\(ackb.0.4\)c0
   ZyxelPx5301-t0 Version-
ZyxelWe3300-00 Firmware Version <= 5.70\(acka.0\)c0
   ZyxelWe3300-00 Version-
ZyxelWx3100-t0 Firmware Version <= 5.50\(abvl.4.7\)c0
   ZyxelWx3100-t0 Version-
ZyxelWx3401-b0 Firmware Version <= 5.17\(abve.2.8\)c0
   ZyxelWx3401-b0 Version-
ZyxelWx3401-b1 Firmware Version <= 5.17\(abve.2.8\)c0
   ZyxelWx3401-b1 Version-
ZyxelWx5600-t0 Firmware Version <= 5.70\(aceb.4.1\)c0
   ZyxelWx5600-t0 Version-
ZyxelWx5610-b0 Firmware Version <= 5.18\(acgj.0.3\)c0
   ZyxelWx5610-b0 Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.321
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security@zyxel.com.tw 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.