HIGHCVE-2026-1460Published Modified CNA Zyxel
CVE-2026-1460: A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5
A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected device.
Metrics
- CVSS v3.1
- 7.2
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 2
Affected packages
- Zyxel / DX3301-T0 firmware<= 5.50(ABVY.7.1)C0
- Zyxel / EX3301-T0 firmware<= 5.50(ABVY.7.1)C0
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HReferences