CVE-2026-0711 MEDIUM

CVE-2026-0711

Vendor Zyxel
Product DX3300-T0 firmware
Weakness CWE-78
Published April 28, 2026
Last update April 29, 2026

CVSS base score

6.8/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device.

Key dates

02Disclosure timeline

April 28, 2026 CVE published
April 29, 2026 Record updated