CVE-2026-1460 HIGH

Vendor: Zyxel
Product: DX3301-T0 firmware
Weakness: CWE-78
Published: April 28, 2026
Last update: April 29, 2026

CVSS base score

7.2/10
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected device.

Key dates

02 Disclosure timeline

April 28, 2026: CVE published
April 29, 2026: Record updated