Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-0711

Summary
Assigner-Zyxel
Assigner Org ID-96e50032-ad0d-4058-a115-4d2c13821f9f
Published At-28 Apr, 2026 | 01:57
Updated At-29 Apr, 2026 | 03:55
Rejected At-
Credits

A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Zyxel
Assigner Org ID:96e50032-ad0d-4058-a115-4d2c13821f9f
Published At:28 Apr, 2026 | 01:57
Updated At:29 Apr, 2026 | 03:55
Rejected At:
▼CVE Numbering Authority (CNA)

A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device.

Affected Products
Vendor
Zyxel Networks CorporationZyxel
Product
DX3300-T0 firmware
Default Status
unaffected
Versions
Affected
  • <= 5.50(ABVY.7.1)C0
Problem Types
TypeCWE IDDescription
CWECWE-78CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')
Type: CWE
CWE ID: CWE-78
Description: CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')
Metrics
VersionBase scoreBase severityVector
3.16.8MEDIUM
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wireless-extenders-04-28-2026
vendor-advisory
Hyperlink: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wireless-extenders-04-28-2026
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@zyxel.com.tw
Published At:28 Apr, 2026 | 03:16
Updated At:28 Apr, 2026 | 03:16

A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.8MEDIUM
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-78Primarysecurity@zyxel.com.tw
CWE ID: CWE-78
Type: Primary
Source: security@zyxel.com.tw
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wireless-extenders-04-28-2026security@zyxel.com.tw
N/A
Hyperlink: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wireless-extenders-04-28-2026
Source: security@zyxel.com.tw
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

113Records found
CVE-2021-20638
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.8||MEDIUM
EPSS-0.34% / 56.31%
||
7 Day CHG~0.00%
Published-12 Feb, 2021 | 06:15
Updated-03 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors.

Action-Not Available
Vendor-logitechLOGITEC CORPORATION
Product-lan-w300n\/pgrblan-w300n\/pgrb_firmwareLAN-W300N/PGRB
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-20639
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.8||MEDIUM
EPSS-0.34% / 56.31%
||
7 Day CHG~0.00%
Published-12 Feb, 2021 | 06:15
Updated-03 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors.

Action-Not Available
Vendor-logitechLOGITEC CORPORATION
Product-lan-w300n\/pgrblan-w300n\/pgrb_firmwareLAN-W300N/PGRB
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-20719
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.8||MEDIUM
EPSS-0.29% / 52.43%
||
7 Day CHG~0.00%
Published-20 May, 2021 | 01:15
Updated-03 Aug, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RFNTPS firmware versions System_01000004 and earlier, and Web_01000004 and earlier allow an attacker on the same network segment to execute arbitrary OS commands with a root privilege via unspecified vectors.

Action-Not Available
Vendor-nippon-antennaNIPPON ANTENNA Co.,Ltd.
Product-rfntpsrfntps_firmwareRFNTPS
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-20319
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.24% / 46.78%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 17:48
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Command Execution through Scripted Input Files in Splunk Enterprise

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability `edit_scripted` and `list_inputs` capability , could perform a remote command execution due to improper user input sanitization on the scripted input files.<br><br>See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities) and [Setting up a scripted input ](https://docs.splunk.com/Documentation/Splunk/9.4.2/AdvancedDev/ScriptSetup)for more information.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)
Product-splunkSplunk Enterprise
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-13447
Matching Score-4
Assigner-Progress Software Corporation
ShareView Details
Matching Score-4
Assigner-Progress Software Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 33.89%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 14:31
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters

Action-Not Available
Vendor-Progress Software Corporation
Product-connection_manager_for_objectscale*multi-tenant_hypervisorecs_connection_managermoveit_wafloadmasterLoadMaster
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-13444
Matching Score-4
Assigner-Progress Software Corporation
ShareView Details
Matching Score-4
Assigner-Progress Software Corporation
CVSS Score-8.4||HIGH
EPSS-0.05% / 14.02%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 14:26
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters

Action-Not Available
Vendor-Progress Software Corporation
Product-connection_manager_for_objectscalemulti-tenant_hypervisorecs_connection_managermoveit_wafloadmasterMulti Tenant LoadMasterLoadMaster
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-5636
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.8||MEDIUM
EPSS-0.24% / 47.52%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 02:25
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker with an administrative privilege to send a specially crafted request to a specific URL, which may result in an arbitrary command execution.

Action-Not Available
Vendor-NEC Platforms, Ltd.NEC Corporation
Product-aterm_sa3500gaterm_sa3500g_firmwareAterm SA3500G
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-35519
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.25% / 47.85%
||
7 Day CHG~0.00%
Published-14 Oct, 2024 | 00:00
Updated-17 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-ex6100_firmwareex6120ex6100ex6120_firmwareex3700ex3700_firmwaren/aex6100ex3700ex6120
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-28767
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.20% / 41.39%
||
7 Day CHG+0.05%
Published-20 Dec, 2024 | 13:48
Updated-15 Aug, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Directory Integrator command execution

IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

Action-Not Available
Vendor-IBM Corporation
Product-security_directory_integratorSecurity Directory Integrator
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-25579
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.8||MEDIUM
EPSS-0.09% / 25.85%
||
7 Day CHG~0.00%
Published-28 Feb, 2024 | 23:08
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".

Action-Not Available
Vendor-Elecom Co., Ltd.
Product-WRC-1167GST2WRC-2533GS2V-BWMC-2LX2-BWMC-X1800GST2-BWRC-2533GS2-BWRC-1167GS2H-BWRC-1167GS2-BWRC-2533GS2-WWRC-G01-WWRC-2533GST2WMC-X1800GST-BWRC-X3200GST3-BWSC-X1800GS2-Bwmc-x1800gst-b_firmwarewrc-1167gst2_firmwarewrc-1167gs2h-b_firmwarewrc-2533gs2-b_firmwarewrc-2533gs2v-b_firmwarewrc-g01-w_firmwarewrc-2533gst2_firmwarewrc-x3200gst3-b_firmwarewrc-2533gs2-w_firmwarewrc-1167gs2-b_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-22065
Matching Score-4
Assigner-ZTE Corporation
ShareView Details
Matching Score-4
Assigner-ZTE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.32% / 55.30%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 01:58
Updated-28 Jan, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZTE MF258 Pro product has a OS Command injection vulnerability

There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.

Action-Not Available
Vendor-ZTE Corporation
Product-mf258k_pro_firmwaremf258k_proMF258 Promf258_pro_firmware
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-22372
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.8||MEDIUM
EPSS-0.17% / 38.27%
||
7 Day CHG~0.00%
Published-24 Jan, 2024 | 04:38
Updated-12 May, 2026 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.

Action-Not Available
Vendor-Elecom Co., Ltd.
Product-wrc-x6000xs-g_firmwarewrc-x6000xs-gwrc-x1800gsa-b_firmwarewrc-x1800gs-b_firmwarewrc-x1800gsh-bwrc-x6000xst-g_firmwarewrc-x1800gsa-bwrc-x1800gs-bwrc-x6000xst-gwrc-x1800gsh-b_firmwareWRC-XE5400GSA-GWRC-X3000GS2-BWRC-X1800GS-BWRC-X3000GS2A-BWRC-X3000GST2-BWRC-X6000XST-GWRC-X1500GS-BWRC-X6000XS-GWRC-X1800GSH-BWRC-X6000QS-GWRC-X3000GS2-WWRC-XE5400GS-GWRC-X6000QSA-GWRC-X1500GSA-BWRC-X1800GSA-B
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-22366
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.8||MEDIUM
EPSS-0.08% / 24.11%
||
7 Day CHG~0.00%
Published-24 Jan, 2024 | 04:35
Updated-20 Jun, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device's management page, this function can be enabled by performing specific operations. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered. Affected products and versions are as follows: WLX222 firmware Rev.24.00.03 and earlier, WLX413 firmware Rev.22.00.05 and earlier, WLX212 firmware Rev.21.00.12 and earlier, WLX313 firmware Rev.18.00.12 and earlier, and WLX202 firmware Rev.16.00.18 and earlier.

Action-Not Available
Vendor-yamahaYamaha Corporation
Product-wlx313wlx222wlx212wlx413_firmwarewlx222_firmwarewlx313_firmwarewlx413wlx212_firmwarewlx202wlx202_firmwareWLX202WLX222WLX212WLX413WLX313
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found