Description
A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected device.
Published: 2026-04-28
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Command Execution
Action: Apply Update
AI Analysis

Impact

A vulnerable parameter in the DHCP configuration file, named DomainName, allows an attacker who has already authenticated with administrative privileges to inject arbitrary OS commands. The flaw is a classic command injection, identified as CWE‑78, and could lead to uncontrolled execution of malicious system commands, compromising the integrity and confidentiality of the device.

Affected Systems

Zyxel DX3301-T0 and EX3301-T0 routers with firmware versions up to and including 5.50(ABVY.7.1)C0. The affected devices are 4G/LTE and 5G NR CPEs, DSL/ethernet/OPT fiber ONTs, and wireless extenders used by organizations.

Risk and Exploitability

The CVSS score of 7.2 indicates a high severity and the lack of an EPSS score means known exploitation data is not currently measurable; however the vulnerability is not yet listed in the CISA KEV catalog. An attacker would need administrative credentials, which are typically limited, but once obtained could execute arbitrary commands on the device. The attack vector is local network or remote if the device is reachable from outside the private network, and the scope is limited to the target device.

Generated by OpenCVE AI on April 28, 2026 at 12:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the latest Zyxel firmware that removes the vulnerable DomainName parameter processing.
  • Restrict administrative access to trusted IP addresses or enforce strong authentication policies.
  • Monitor device logs for unexpected command execution or configuration changes.

Generated by OpenCVE AI on April 28, 2026 at 12:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 28 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
Title Command Injection in Zyxel DX3301-T0 and EX3301-T0 Firmware

Tue, 28 Apr 2026 05:00:00 +0000

Type Values Removed Values Added
First Time appeared Zyxel
Zyxel dx3301-t0 Firmware
Zyxel ex3301-t0 Firmware
Vendors & Products Zyxel
Zyxel dx3301-t0 Firmware
Zyxel ex3301-t0 Firmware

Tue, 28 Apr 2026 03:00:00 +0000

Type Values Removed Values Added
Description A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected device.
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Zyxel Dx3301-t0 Firmware Ex3301-t0 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: Zyxel

Published:

Updated: 2026-04-29T03:55:38.320Z

Reserved: 2026-01-27T01:26:25.772Z

Link: CVE-2026-1460

cve-icon Vulnrichment

Updated: 2026-04-28T12:52:47.855Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-28T03:16:02.313

Modified: 2026-04-28T20:11:56.713

Link: CVE-2026-1460

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T12:45:31Z

Weaknesses