Zyxel Ee3301-00 Firmware vulnerabilities
7 known vulnerabilities affecting zyxel/ee3301-00_firmware.
Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2025-13943HIGHCVSS 8.8fixed in 5.63\(acmu.2.1\)c02026-02-24
CVE-2025-13943 [HIGH] CWE-78 CVE-2025-13943: A post-authentication command injection vulnerability in the log file download function of the Zyxel
A post-authentication command injection vulnerability in the log file download function of the Zyxel EX3301-T0 firmware versions through 5.50(ABVY.7)C0 could allow an authenticated attacker to execute operating system (OS) commands on an affected device.
nvd
CVE-2025-11846MEDIUMCVSS 4.9fixed in 5.63\(acmu.2.1\)c02026-02-24
CVE-2025-11846 [MEDIUM] CWE-476 CVE-2025-11846: A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T5
A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HT
nvd
CVE-2025-11845MEDIUMCVSS 4.9fixed in 5.63\(acmu.2.1\)c02026-02-24
CVE-2025-11845 [MEDIUM] CWE-476 CVE-2025-11845: A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3
A null pointer dereference vulnerability in the certificate downloader CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a craf
nvd
CVE-2025-11847MEDIUMCVSS 4.9fixed in 5.63\(acmu.2.1\)c02026-02-24
CVE-2025-11847 [MEDIUM] CWE-476 CVE-2025-11847: A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B fi
A null pointer dereference vulnerability in the IP settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP re
nvd
CVE-2025-11848MEDIUMCVSS 4.9fixed in 5.63\(acmu.2.1\)c02026-02-24
CVE-2025-11848 [MEDIUM] CWE-476 CVE-2025-11848: A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B fi
A null pointer dereference vulnerability in the Wake-on-LAN CGI program of the Zyxel VMG3625-T50B firmware version through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50(ABVL.4.8)C0 could allow an authenticated attacker with administrator privileges to trigger a denial-of-service (DoS) condition by sending a crafted HTTP req
nvd
CVE-2025-8693HIGHCVSS 8.8≤ 5.63\(acmu.1.1\)c02025-11-18
CVE-2025-8693 [HIGH] CWE-78 CVE-2025-8693: A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 fir
A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an authenticated attacker to execute operating system (OS) commands on an affected device.
nvd
CVE-2025-6599HIGHCVSS 7.5≤ 5.63\(acmu.1.1\)c02025-11-18
CVE-2025-6599 [MEDIUM] CWE-400 CVE-2025-6599: An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware ver
An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris‑style denial‑of‑service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other n
nvd