7.2
CVE-2026-1460
- EPSS 1.16%
- Veröffentlicht 28.04.2026 02:06:22
- Zuletzt bearbeitet 08.07.2026 15:29:20
- Quelle security@zyxel.com.tw
- CVE-Watchlists
- Unerledigt
A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zyxel ≫ Nebula Fwa70 Firmware Version < 1.51\(acrf.0\)v0
Zyxel ≫ Nebula Fwa505 Firmware Version < 1.60\(acko.3\)v0
Zyxel ≫ Nebula Fwa510 Firmware Version < 1.60\(acgd.1\)v0
Zyxel ≫ Nebula Fwa515 Firmware Version < 1.60\(acpz.1\)v0
Zyxel ≫ Nebula Fwa710 Firmware Version < 1.60\(acgc.2\)v0
Zyxel ≫ Nebula Lte3301-plus Firmware Version < 1.18\(acca.7\)v0
Zyxel ≫ Nebula Lte7461-m602 Firmware Version < 1.15\(acev.4\)v0
Zyxel ≫ Nebula Nr5101 Firmware Version < 1.16\(accg.1\)v0
Zyxel ≫ Nebula Nr7101 Firmware Version < 1.16\(accc.2\)v0
Zyxel ≫ Dx3300-t0 Firmware Version < 5.50\(abvy.7.2\)c0
Zyxel ≫ Dx3300-t1 Firmware Version < 5.50\(abvy.7.2\)c0
Zyxel ≫ Dx3301-t0 Firmware Version < 5.50\(abvy.7.2\)c0
Zyxel ≫ Dx5401-b1 Firmware Version < 5.17\(abyo.7.2\)c0
Zyxel ≫ Ee3301-00 Firmware Version < 5.63\(acmu.3.1\)c0
Zyxel ≫ Ee5301-00 Firmware Version < 5.63\(acld.3.1\)c0
Zyxel ≫ Ee6510-10 Firmware Version < 5.19\(acjq.4.2\)c0
Zyxel ≫ Emg3525-t50b Firmware Version < 5.50\(abpm.9.8\)c0
Zyxel ≫ Emg5523-t50b Firmware Version < 5.50\(abpm.9.8\)c0
Zyxel ≫ Ex2210-t0 Firmware Version < 5.50\(acdi.2.5\)c0
Zyxel ≫ Ex3300-t0 Firmware Version < 5.50\(abvy.7.2\)c0
Zyxel ≫ Ex3300-t1 Firmware Version < 5.50\(abvy.7.2\)c0
Zyxel ≫ Ex3301-t0 Firmware Version < 5.50\(abvy.7.2\)c0
Zyxel ≫ Ex3500-t0 Firmware Version < 5.44\(achr.6\)c0
Zyxel ≫ Ex3501-t0 Firmware Version < 5.44\(achr.6\)c0
Zyxel ≫ Ex3600-t0 Firmware Version < 5.70\(acif.3\)c0
Zyxel ≫ Ex5401-b1 Firmware Version < 5.17\(abyo.7.2\)c0
Zyxel ≫ Ex5512-t0 Firmware Version < 5.70\(aceg.5.5\)c0
Zyxel ≫ Ex5601-t0 Firmware Version < 5.70\(acdz.6\)c0
Zyxel ≫ Ex5601-t1 Firmware Version < 5.70\(acdz.6\)c0
Zyxel ≫ Ex7501-b0 Firmware Version < 5.18\(achn.3.2\)c0
Zyxel ≫ Ex7710-b0 Firmware Version < 5.18\(acak.1.7\)c0
Zyxel ≫ Gm4100-b0 Firmware Version < 5.18\(accl.2.1\)c0
Zyxel ≫ Vmg3625-t50b Firmware Version < 5.50\(abpm.9.8\)c0
Zyxel ≫ Vmg4005-b50a Firmware Version < 5.17\(abqa.3.3\)c0
Zyxel ≫ Vmg4005-b60a Firmware Version < 5.17\(abqa.3.3\)c0
Zyxel ≫ Vmg8623-t50b Firmware Version < 5.50\(abpm.9.8\)c0
Zyxel ≫ Am7510-00 Firmware Version < 5.63\(acor.0.2\)c0
Zyxel ≫ Ax7501-b1 Firmware Version < 5.17\(abpc.7.2\)c0
Zyxel ≫ Pe3301-00 Firmware Version < 5.63\(acmt.3.1\)c0
Zyxel ≫ Pe5301-01 Firmware Version < 5.63\(acoj.3.1\)c0
Zyxel ≫ Px5301-t0 Firmware Version < 5.44\(ackb.0.7\)c0
Zyxel ≫ Px5302-00 Firmware Version < 5.44\(acnm.0.1\)c0
Zyxel ≫ We3300-00 Firmware Version < 5.70\(acka.2\)c0
Zyxel ≫ We4600-00 Firmware Version < 6.70\(ackt.1\)c0
Zyxel ≫ Wx5600-t0 Firmware Version < 5.70\(aceb.6\)c0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.16% | 0.629 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@zyxel.com.tw | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wireless-extenders-04-28-2026