CVE-2026-1460
published 2026-04-28CVE-2026-1460: A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware…
high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected device.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zyxel | dx3301-t0_firmware | <= 5.50(ABVY.7.1)C0 | — |
| zyxel | ex3301-t0_firmware | <= 5.50(ABVY.7.1)C0 | — |