{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0711", "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "state": "PUBLISHED", "assignerShortName": "Zyxel", "dateReserved": "2026-01-08T08:42:15.633Z", "datePublished": "2026-04-28T01:57:54.011Z", "dateUpdated": "2026-04-29T03:55:39.766Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel", "dateUpdated": "2026-04-28T01:57:54.011Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-78", "description": "CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')", "type": "CWE"}]}], "affected": [{"vendor": "Zyxel", "product": "DX3300-T0 firmware", "versions": [{"status": "affected", "version": "<= 5.50(ABVY.7.1)C0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device."}]}], "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wireless-extenders-04-28-2026", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-28T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-0711"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-29T03:55:39.766Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0711", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-28T12:53:56.413146Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T12:57:27.371Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Zyxel", "product": "DX3300-T0 firmware", "versions": [{"status": "affected", "version": "<= 5.50(ABVY.7.1)C0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wireless-extenders-04-28-2026", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device.", "supportingMedia": [{"type": "text/html", "value": "A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')"}]}], "providerMetadata": {"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel", "dateUpdated": "2026-04-28T01:57:54.011Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0711", "state": "PUBLISHED", "dateUpdated": "2026-04-29T03:55:39.766Z", "dateReserved": "2026-01-08T08:42:15.633Z", "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "datePublished": "2026-04-28T01:57:54.011Z", "assignerShortName": "Zyxel"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device."}], "id": "CVE-2026-0711", "lastModified": "2026-04-28T20:11:56.713", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "security@zyxel.com.tw", "type": "Primary"}]}, "published": "2026-04-28T03:16:02.167", "references": [{"source": "security@zyxel.com.tw", "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wireless-extenders-04-28-2026"}], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "security@zyxel.com.tw", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,5.50(ABVY.7.1)C0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "DX3300-T0 firmware", "source": "cna", "vendor": "Zyxel"}, "product": "dx3300-t0_firmware", "vendor": "zyxel"}], "analysis": {"en": {"generated_at": "2026-04-28T12:32:37.404620+00:00", "value": {"mitigation_remediation": ["Upgrade the Zyxel DX3300\u2011T0 firmware to the latest version that resolves the EasyMesh API command injection issue.", "Temporarily disable the EasyMesh APIs or restrict access to trusted devices only if an immediate firmware upgrade is not possible.", "Apply network segmentation and firewall rules to isolate adjacent devices from the EasyMesh API endpoints and reduce the opportunity for local attackers."], "summary": {"action": "Immediate Patch", "impact": "OS command execution via authenticated command injection"}, "threat_synthesis": {"affected_systems": "Affected are Zyxel DX3300\u2011T0 firmware versions up through 5.50(ABVY.7.1)C0. Devices running any of these firmware releases are vulnerable until patched or replaced.", "description_and_impact": "The vulnerability is a post\u2011authentication command injection flaw located in the EasyMesh\u2011related APIs of Zyxel DX3300\u2011T0 devices. An attacker who has already authenticated and possesses administrator privileges on the local network, typically an adjacent device, can exploit the flaw to execute arbitrary operating\u2011system commands on the affected router. This grants the attacker full control over the device, enabling further compromise or pivoting within the network.", "risk_and_exploitability": "The CVSS base score of 6.8 places the vulnerability in the medium severity range, but the requirement of local authentication with administrative rights limits the pool of potential attackers. The EPSS score is not available, so the exact likelihood of exploitation cannot be quantified, and the vulnerability is not currently listed in CISA\u2019s KEV catalog. Nonetheless, an attacker who can compromise a neighboring device or gain legitimate admin access can readily trigger the flaw, making the risk significant for networks that allow such access."}}}}, "created": "2026-04-28T04:30:20.926064+00:00", "title": "Post\u2011authentication command injection in Zyxel DX3300\u2011T0 EasyMesh APIs", "updated": "2026-04-28T12:45:31.385250+00:00", "vendors": ["zyxel", "zyxel$PRODUCT$dx3300-t0_firmware"]}