CVE-2025-8693: OS Command Injection in Zyxel DX3300-T0 Firmware

Severity: 8.8 HIGH (NVD)
EPSS: 0.1% (top 68.36%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 18

Description

A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an authenticated attacker to execute operating system (OS) commands on an affected device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages: 55 packages

Source | Package | Version
CVEListV5 | zyxel/dx3300-t0_firmware | 5.50(ABVY.6.3)C0
NVD | zyxel/dx3300-t0_firmware | 5.50\(abvy.6.3\)c0
NVD | zyxel/dx3300-t1_firmware | 5.50\(abvy.6.3\)c0
NVD | zyxel/ax7501-b0_firmware | 5.17\(abpc.6.1\)c0
NVD | zyxel/ax7501-b1_firmware | 5.17\(abpc.6.1\)c0

Vulnerability Details (2)

GHSA | GHSA-jvj8-73h8-vqf9: A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5 | 2025-11-18
CVEList | CVE-2025-8693: A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5 | 2025-11-18
CVE-2025-8693 — OS Command Injection in Zyxel | cvebase