CVE-2025-8693: A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an…

high8.8CVSS 3.1

AVNACLPRLUINSUCHIHAH

A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an authenticated attacker to execute operating system (OS) commands on an affected device.

Affected

56 ranges· showing 25

Vendor	Product	Version range	Fixed in
zyxel	ax7501-b0_firmware	<= 5.17\(abpc.6.1\)c0	—
zyxel	ax7501-b1_firmware	<= 5.17\(abpc.6.1\)c0	—
zyxel	dm4200-b0_firmware	<= 5.17\(acbs.1.3\)c0	—
zyxel	dx3300-t0_firmware	<= 5.50\(abvy.6.3\)c0	—
zyxel	dx3300-t1_firmware	<= 5.50\(abvy.6.3\)c0	—
zyxel	dx3301-t0_firmware	<= 5.50\(abvy.6.3\)c0	—
zyxel	dx4510-b1_firmware	<= 5.17\(abyl.9\)c0	—
zyxel	dx5401-b0_firmware	<= 5.17\(abyo.7\)b2	—
zyxel	dx5401-b1_firmware	<= 5.17\(abyo.7\)b2	—
zyxel	ee3301-00_firmware	<= 5.63\(acmu.1.1\)c0	—
zyxel	ee5301-00_firmware	<= 5.63\(acld.1.1\)c0	—
zyxel	ee6510-10_firmware	<= 5.19\(acjq.3\)c0	—
zyxel	emg3525-t50b_firmware	<= 5.50\(abpm.9.5\)c0	—
zyxel	emg5523-t50b_firmware	<= 5.50\(abpm.9.5\)c0	—
zyxel	emg5723-t50k_firmware	<= 5.50\(abom.8.6\)c0	—
zyxel	ex3300-t0_firmware	<= 5.50\(abvy.6.3\)c0	—
zyxel	ex3300-t0_firmware	<= 5.50\(acdi.2.1\)c0	—
zyxel	ex3300-t1_firmware	<= 5.50\(abvy.6.3\)c0	—
zyxel	ex3301-t0_firmware	<= 5.50\(abvy.6.3\)c0	—
zyxel	ex3500-t0_firmware	<= 5.44\(achr.4\)c0	—
zyxel	ex3501-t0_firmware	<= 5.44\(achr.4\)c0	—
zyxel	ex3510-b0_firmware	<= 5.17\(abup.15\)c0	—
zyxel	ex3510-b1_firmware	<= 5.17\(abup.15\)c0	—
zyxel	ex3600-t0_firmware	<= 5.70\(acif.1.2\)c0	—
zyxel	ex5401-b0_firmware	<= 5.17\(abyo.7\)b2	—