CVE-2026-1460

· NIST NVD ↗

A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected device.

HIGH
CVSS severity
7.2
CVSS base score
2026-04-28
Published

CWE codes

CWE-78

Sources