Описание
A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected device.
Затрагиваемое ПО
Zyxel Nebula fwa70 firmwareZyxel Nebula fwa70Zyxel Nebula fwa505 firmwareZyxel Nebula fwa505Zyxel Nebula fwa510 firmwareZyxel Nebula fwa510Zyxel Nebula fwa515 firmwareZyxel Nebula fwa515Zyxel Nebula fwa710 firmwareZyxel Nebula fwa710Zyxel Nebula lte3301-plus firmwareZyxel Nebula lte3301-plusZyxel Nebula lte7461-m602 firmwareZyxel Nebula lte7461-m602Zyxel Nebula nr5101 firmwareZyxel Nebula nr5101Zyxel Nebula nr7101 firmwareZyxel Nebula nr7101Zyxel Dx3300-t0 firmwareZyxel Dx3300-t0Zyxel Dx3300-t1 firmwareZyxel Dx3300-t1Zyxel Dx3301-t0 firmwareZyxel Dx3301-t0Zyxel Dx5401-b1 firmware
CVSS
| Балл | 7.2 — высокая |
| Вектор | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Источники
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wireless-extenders-04-28-2026