CVE-2026-1460
Received Received - Intake
Post-Auth Command Injection in Zyxel DHCP DomainName Parameter

Publication date: 2026-04-28

Last updated on: 2026-04-28

Assigner: Zyxel Corporation

Description
A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-28
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-04-28
EPSS Evaluated
2026-06-15
NVD
CVE-2026-1460
EUVD
EUVD-2026-25970
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
zyxel dx3301-t0 5.50(ABVY.7.1)C0
zyxel ex3301-t0 5.50(ABVY.7.1)C0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-1460 is a post-authentication command injection vulnerability found in the "DomainName" parameter of the DHCP configuration file on certain Zyxel devices, specifically the DX3301-T0 and EX3301-T0 models with firmware versions up to 5.50(ABVY.7.1)C0.

An attacker who is already authenticated with administrator privileges on the device can exploit this vulnerability to execute arbitrary operating system commands. This means the attacker can run commands on the device's underlying OS, potentially taking full control of the device.

WAN access is disabled by default on these devices, so exploitation requires that the attacker has administrative access, typically through compromised credentials.

Impact Analysis

If exploited, this vulnerability allows an attacker with administrator access to execute arbitrary OS commands on the affected device.

  • Complete control over the device's operating system.
  • Potential disruption of network services provided by the device.
  • Possibility of further attacks within the network by leveraging the compromised device.
  • Risk is mitigated somewhat by the requirement for administrative authentication and the default disabling of WAN access.
Detection Guidance

This vulnerability involves a post-authentication command injection in the "DomainName" parameter of the DHCP configuration file on affected Zyxel devices. Detection would require verifying if the device firmware version is vulnerable and checking for unauthorized changes or command executions related to this parameter.

Since exploitation requires administrator privileges and access to the device, detection commands could include inspecting the DHCP configuration file for suspicious entries or unexpected commands in the "DomainName" parameter.

However, no specific detection commands or network scanning methods are provided in the available resources.

Mitigation Strategies

The primary mitigation step is to update the affected Zyxel devices to the patched firmware versions provided by Zyxel. Firmware updates address this vulnerability and are either immediately available or scheduled for release.

Additional mitigation includes ensuring strong password management for administrator accounts, as exploitation requires administrative authentication.

Since WAN access is disabled by default on affected devices, limiting remote exploitation, it is also advisable to maintain this default setting and restrict administrative access to trusted networks.

Users who obtained devices through ISPs should contact their ISP support for assistance due to possible custom configurations.

Compliance Impact

The provided information does not specify how the CVE-2026-1460 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1460. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart