CVE Catalog

CVE-2026-0711

MediumCVSS 6.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.91%

56th percentile - higher than 56% of all known CVEs

Summary

A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 allows an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device.

Risk Assessment

The risk involves potential full device compromise by an attacker with local network access, leading to data confidentiality, integrity, and availability breaches, as well as further network attacks.

Recommendation

Immediately update the Zyxel DX3300-T0 firmware to the latest version that fixes this vulnerability, and restrict administrative access to trusted users and networks.

Original NVD description (English source)

A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS