CNNVD-202511-2137 Information

CNNVD ID

CNNVD-202511-2137

Related CVE

CVE-2025-8693

• CNNVD Published: 2025-11-18

Description (Chinese)

Zyxel DX3300-T0是中国合勤（Zyxel）公司的一个小型无线WiFi路由器。 Zyxel DX3300-T0 5.50(ABVY.6.3)C0及之前版本存在操作系统命令注入漏洞，该漏洞源于priv参数存在认证后命令注入，可能导致操作系统命令执行。

Description (English)

Zyxel DX3300-T0 is a small wireless WiFi router of Zyxel. Zyxel DX3300-T0 5.50 (ABVY.6.3) C0 and previous versions have an operational system command leak, which stems from the presence of a post-authentic command injection of the plev parameter, which may lead to the performance of the operating system command.

Hazard Level

Medium

Vulnerability Type

操作系统命令注入

Affected Vendor

合勤

Published

2025-11-18

Last Modified

2026-02-24

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-uncontrolled-resource-consumption-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-11-18-2025

Patch

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-uncontrolled-resource-consumption-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-11-18-2025