PT-2026-35646 · Zyxel · Ex3301-T0+1

Published 2026-04-28 · Updated 2026-04-28 · CVE-2026-1460

CVSS v3.1: 7.2 High

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Zyxel DX3301-T0 versions prior to 5.50(ABVY.7.1)C0
Zyxel EX3301-T0 versions prior to 5.50(ABVY.7.1)C0

Description

A post-authentication command injection issue exists in the DHCP configuration file. An authenticated attacker with administrator privileges can execute operating system commands on the device by manipulating the DomainName parameter.

Recommendations

Update to version 5.50(ABVY.7.1)C0 or later. Avoid using the DomainName parameter in the DHCP configuration file until the update is applied.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2026-1460

Affected Products

Dx3301-T0
Ex3301-T0