Zyxel DX3300-T0 Command Injection Vulnerability

Vulnerability

A post-authentication command injection vulnerability has been identified in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier. It allows an authenticated attacker to execute operating system commands on the affected device. The issue affects certain DSL/Ethernet CPE, Fiber ONTs, and Wireless Extenders.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of operating system commands on the affected device.

Remediation

Users can upgrade to Zyxel firmware version 5.50(ABVY.6.4)C0 to address this vulnerability. For devices acquired through an ISP, it is recommended to contact the ISP's support team. For other users, please reach out to the local Zyxel support team or visit Zyxel's Community for assistance.
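To check an inventory against the two firmware versions named above, a comparison like the following can be used. It is an added example, not Zyxel's or this page's code; the version-string layout it parses, the ordering rule, the function names and the sample inventory are assumptions.

```python
import re

# Both version strings come from the advisory text.
LAST_VULNERABLE = "5.50(ABVY.6.3)C0"
FIXED = "5.50(ABVY.6.4)C0"

# Assumed layout: [V]<major>.<minor>(<model code>.<n>[.<n>...])C<n>
_VERSION = re.compile(r"^V?(\d+)\.(\d+)\(([A-Z]+)((?:\.\d+)+)\)C(\d+)$", re.I)


def parse_version(text):
    """Return (model_code, sortable_key) or raise ValueError."""
    m = _VERSION.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    major, minor, model, patch, rev = m.groups()
    patch_key = tuple(int(p) for p in patch.split(".")[1:])
    return model.upper(), (int(major), int(minor), patch_key, int(rev))


def classify(text):
    """Return 'vulnerable', 'patched' or 'unknown' for one firmware string."""
    fixed_model, fixed_key = parse_version(FIXED)
    _, vuln_key = parse_version(LAST_VULNERABLE)
    try:
        model, key = parse_version(text)
    except ValueError:
        return "unknown"
    if model != fixed_model:
        # Another product line: the advisory's version numbers do not apply.
        return "unknown"
    if key >= fixed_key:
        return "patched"
    if key <= vuln_key:
        return "vulnerable"
    return "unknown"  # falls between the two builds the advisory names


def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(fw) for host, fw in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory: hostnames and the last two strings are invented.
    sample = {"cpe-01": "V5.50(ABVY.6.3)C0", "cpe-02": "5.50(ABVY.6.4)C0",
              "cpe-03": "5.50(ABVY.6.3)C1", "cpe-04": "not-reported"}
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```

Devices reported as "unknown" need a manual check against the vendor's advisory for their model.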

Added: Nov 18, 2025, 2:17 AM
Updated: Nov 18, 2025, 2:17 AM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 7.5
exploitability: 4.9
remediation: 7.7
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.