CVE-2026-0711: A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions

Description

A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device.

Affected Products

Vendor	Product	Versions
zyxel	dx3300-t0 firmware	<= 5.50(ABVY.7.1)C0

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wireless-extenders-04-28-2026(vendor-advisory)

Related News (1 articles)

Tier C

VulDB12h ago

CVE-2026-0711 | Zyxel DX3300-T0 up to 5.50(ABVY.7.1)C0 EasyMesh-related API os command injection

→ No new info (linked only)

CVSS 3.16.8 MEDIUM

VectorCVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wireless-extenders-04-28-2026

CWECWE-78

PublishedApr 28, 2026

Last enriched12h agov2

Trending Score45

Source articles1

Independent1

Version History

Last enriched 12h ago

v2Tier C12h ago

Updated severity to CRITICAL and marked the vulnerability as actively exploited.

severityactivelyExploited

via VulDB

v113h ago

Initial creation

CVE-2026-0711: A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (5)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History