PatchSiren cyber security CVE debrief
CVE-2026-1460 Zyxel CVE debrief
A post-authentication command injection vulnerability was discovered in the 'DomainName' parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0. This vulnerability allows an authenticated attacker with administrator privileges to execute OS commands on an affected device. The vulnerability has significant implications for organizations using these devices, as it could allow attackers to gain unauthorized access and control.
- Vendor
- Zyxel
- Product
- DX3301-T0 firmware
- CVSS
- HIGH 7.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-28
- Original CVE updated
- 2026-07-08
- Advisory published
- 2026-04-28
- Advisory updated
- 2026-07-08
Who should care
Administrators and users of Zyxel DX3301-T0 and EX3301-T0 devices with firmware versions through 5.50(ABVY.7.1)C0 should apply patches or mitigations to prevent exploitation. Additionally, security teams and vulnerability management teams should be aware of the potential risks and take steps to verify the presence of affected devices in their environments.
Technical summary
The vulnerability exists in the 'DomainName' parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0. An authenticated attacker with administrator privileges can inject OS commands, potentially leading to unauthorized command execution on the affected device. The vulnerability is considered high-severity, with a CVSS score of 7.2. Affected devices are those with firmware versions through 5.50(ABVY.7.1)C0. To address this vulnerability, administrators should focus on verifying and applying the latest firmware updates for affected devices, reviewing and restricting administrator privileges, and implementing additional monitoring and logging to detect potential command injection attempts. Furthermore, organizations should review compensating controls for exposed systems while remediation is scheduled and verified, and track exceptions and retest remediated assets.
Defensive priority
High
Recommended defensive actions
- Verify and apply the latest firmware updates for affected devices.
- Review and restrict administrator privileges to minimize exposure.
- Implement additional monitoring and logging to detect potential command injection attempts.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
Evidence notes
The CVE record and NVD detail provide official information on the vulnerability. Vendor advisory from Zyxel offers mitigation guidance. The vulnerability has been publicly disclosed and its details are available. However, there is limited information on potential exploitation attempts or affected systems. Further verification and monitoring are necessary to confirm the extent of the vulnerability.
Official resources
-
CVE-2026-1460 CVE record
CVE.org
-
CVE-2026-1460 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-04-28T03:16:02.313Z and has not been modified since then. The NVD entry is currently Analyzed.