6.8
CVE-2026-0711
- EPSS 0.85%
- Veröffentlicht 28.04.2026 01:57:54
- Zuletzt bearbeitet 08.07.2026 15:26:09
- Quelle security@zyxel.com.tw
- CVE-Watchlists
- Unerledigt
Libtiff: libtiff write-what-where
A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zyxel ≫ Nr5307 Firmware Version < 2.00\(acjt.3\)c0
Zyxel ≫ Nebula Fwa515 Firmware Version < 1.60\(acpz.0\)v0
Zyxel ≫ Dx3300-t0 Firmware Version < 5.50\(abvy.7.2\)c0
Zyxel ≫ Dx3300-t1 Firmware Version < 5.50\(abvy.7.2\)c0
Zyxel ≫ Dx3301-t0 Firmware Version < 5.50\(abvy.7.2\)c0
Zyxel ≫ Dx5401-b0 Firmware Version < 5.17\(abyo.7.2\)c0
Zyxel ≫ Dx5401-b1 Firmware Version < 5.17\(abyo.7.2\)c0
Zyxel ≫ Ee3301-00 Firmware Version < 5.63\(acmu.3.1\)c0
Zyxel ≫ Ee5301-00 Firmware Version < 5.63\(acld.3.1\)c0
Zyxel ≫ Ee6510-10 Firmware Version < 5.19\(acjq.4.2\)c0
Zyxel ≫ Emg3525-t50b Firmware Version < 5.50\(abpm.9.8\)c0
Zyxel ≫ Emg5523-t50b Firmware Version < 5.50\(abpm.9.8\)c0
Zyxel ≫ Ex3300-t0 Firmware Version < 5.50\(abvy.7.2\)c0
Zyxel ≫ Ex3300-t1 Firmware Version < 5.50\(abvy.7.2\)c0
Zyxel ≫ Ex3301-t0 Firmware Version < 5.50\(abvy.7.2\)c0
Zyxel ≫ Ex3500-t0 Firmware Version < 5.44\(achr.6\)c0
Zyxel ≫ Ex3501-t0 Firmware Version < 5.44\(achr.6\)c0
Zyxel ≫ Ex3600-t0 Firmware Version < 5.70\(acif.3\)c0
Zyxel ≫ Ex5401-b0 Firmware Version < 5.17\(abyo.7.2\)c0
Zyxel ≫ Ex5401-b1 Firmware Version < 5.17\(abyo.7.2\)c0
Zyxel ≫ Ex5512-t0 Firmware Version < 5.70\(aceg.5.5\)c0
Zyxel ≫ Ex5601-t0 Firmware Version < 5.70\(acdz.6\)c0
Zyxel ≫ Ex5601-t1 Firmware Version < 5.70\(acdz.6\)c0
Zyxel ≫ Ex7501-b0 Firmware Version < 5.18\(achn.3.2\)c0
Zyxel ≫ Vmg3625-t50b Firmware Version < 5.50\(abpm.9.8\)c0
Zyxel ≫ Vmg8623-t50b Firmware Version < 5.50\(abpm.9.8\)c0
Zyxel ≫ Ax7501-b0 Firmware Version < 5.17\(abpc.7.2\)c0
Zyxel ≫ Ax7501-b1 Firmware Version < 5.17\(abpc.7.2\)c0
Zyxel ≫ Pe3301-00 Firmware Version < 5.63\(acmt.3.1\)c0
Zyxel ≫ Pe5301-01 Firmware Version < 5.63\(acoj.3.1\)c0
Zyxel ≫ Px5302-00 Firmware Version < 5.44\(acnm.0.1\)c0
Zyxel ≫ Px5301-t0 Firmware Version < 5.44\(ackb.0.7\)c0
Zyxel ≫ We3300-00 Firmware Version < 5.70\(acka.2\)c0
Zyxel ≫ Wx3100-t0 Firmware Version < 5.50\(abvl.4.10\)c0
Zyxel ≫ We4600-00 Firmware Version < 6.70\(ackt.1\)c0
Zyxel ≫ Wx5600-t0 Firmware Version < 5.70\(aceb.6\)c0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.85% | 0.538 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@zyxel.com.tw | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wireless-extenders-04-28-2026