Zyxel EX3301-T0 Command Injection Vulnerability in Log File Download Function

Vulnerability

A post-authentication command injection vulnerability has been identified in the log file download function of the Zyxel EX3301-T0 firmware. It is present in versions through 5.50(ABVY.7)C0 and allows an authenticated attacker to execute operating system commands on the affected device. The root cause is improper input validation in the log file download feature.

Impact

Exploitation of this vulnerability allows for arbitrary operating system command execution on the affected device.

Remediation

Users can upgrade to Zyxel's official firmware version 5.50(ABVY.7.1)C0 to address this vulnerability. For devices acquired through an ISP, contact the ISP's support team. For other users, reach out to the local Zyxel support team or visit Zyxel's Community for assistance.
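
To check a device inventory against the affected and fixed versions named above, the following is an added example (not code from Zyxel or from the original advisory). It assumes patch levels order as dotted integers (7 < 7.1); the hostnames and most sample versions are constructed, and anything that does not match the version shape shown on this page is reported as unknown rather than guessed.

```python
import re

# Shape taken from the two version strings in the advisory, e.g. "5.50(ABVY.7.1)C0":
# release "5.50", model code "ABVY", patch level "7.1", customisation suffix "C0".
FW_RE = re.compile(r"^V?(\d+)\.(\d+)\(([A-Z0-9]+)\.(\d+(?:\.\d+)*)\)C\d+$")
MODEL_CODE = "ABVY"
FIXED = "5.50(ABVY.7.1)C0"


def parse_firmware(version):
    """Return (model_code, sort_key) or raise ValueError on an unrecognised string."""
    m = FW_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware string: {version!r}")
    major, minor, code, patch = m.groups()
    # Assumption: patch levels order as dotted integers, so 7 < 7.1 < 8.
    key = ((int(major), int(minor)), tuple(int(p) for p in patch.split(".")))
    return code, key


def classify(version):
    """'affected' if older than the fixed build, 'fixed' otherwise, 'unknown' if unsure."""
    try:
        code, key = parse_firmware(version)
    except ValueError:
        return "unknown"
    if code != MODEL_CODE:
        return "unknown"  # different model code: the advisory's versions do not apply
    return "affected" if key < parse_firmware(FIXED)[1] else "fixed"


# Constructed inventory (hostnames and most versions are made up for the example).
INVENTORY = {
    "cpe-lab-01": "5.50(ABVY.7)C0",
    "cpe-lab-02": "V5.50(ABVY.7.1)C0",
    "cpe-lab-03": "5.50(ABVY.6.2)C0",
    "cpe-lab-04": "5.50(ABVY.7)b3",
    "cpe-lab-05": "5.50(ZZZZ.9)C0",
}


def audit(inventory):
    """Map each host to 'affected', 'fixed' or 'unknown'."""
    return {host: classify(fw) for host, fw in inventory.items()}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as unknown need a manual check of the firmware string before they are counted as patched.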

Added: Feb 24, 2026, 3:34 AM
Updated: Feb 24, 2026, 3:34 AM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 3.5
remediation: 7.7
relevance: 3.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.