Post-Authentication Command Injection Vulnerability in Zyxel DX3300-T0 Firmware
CVE-2026-0711

6.8MEDIUM

Key Information:

Vendor: Zyxel
Status: Dx3300-t0 Firmware
Vendor: CVE Published:; 28 April 2026

What is CVE-2026-0711?

A command injection vulnerability has been identified in the EasyMesh-related APIs of the Zyxel DX3300-T0 firmware. This issue allows an authenticated attacker possessing administrator privileges to execute arbitrary OS commands on the device. Such exploitation could lead to unauthorized actions affecting the integrity and security of the system. Proper remediation measures are essential to mitigate potential risks associated with this vulnerability.

Affected Version(s)

DX3300-T0 firmware <= 5.50(ABVY.7.1)C0

References

https://www.zyxel.com/global/en/support/security-advisori...

vendor-advisory

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 28, 2026
Vulnerability Reserved
Jan 8, 2026

CVE-2026-0711 Data

JSON