CVSS 7.2 · HIGH

CVE-2026-1460

A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected device.

Analysis

This vulnerability affects specific Zyxel router firmware and requires authenticated administrator access to exploit. Since it is limited to hardware models not commonly used in software development stacks and requires high privileges, it does not warrant community attention.

Severity

Score: 7.2 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: HIGH
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness type (CWE): CWE-78

EPSS

Exploitation probability (next 30 days): 0.0025 (0.3%)
Percentile: 48.4%
EPSS: 2026-05-06

Technical description

A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected device.

Published: 28/4/2026, 3:16:02
Last modified: 28/4/2026, 20:11:56
