CVE-2025-8693

Dec. 15, 2025, 2:03 p.m.

8.8
High

Description

A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an authenticated attacker to execute operating system (OS) commands on an affected device.

Product(s) Impacted

Vendor Product Versions
Zyxel
  • Dm4200-b0 Firmware
  • Dm4200-b0
  • Dx3300-t0 Firmware
  • Dx3300-t0
  • Dx3300-t1 Firmware
  • Dx3300-t1
  • Dx3301-t0 Firmware
  • Dx3301-t0
  • Dx4510-b1 Firmware
  • Dx4510-b1
  • Dx5401-b0 Firmware
  • Dx5401-b0
  • Dx5401-b1 Firmware
  • Dx5401-b1
  • Ee3301-00 Firmware
  • Ee3301-00
  • Ee5301-00 Firmware
  • Ee5301-00
  • Ee6510-10 Firmware
  • Ee6510-10
  • Ex3300-t0 Firmware
  • Ex3300-t0
  • Ex3300-t1 Firmware
  • Ex3300-t1
  • Ex3301-t0 Firmware
  • Ex3301-t0
  • Ex3500-t0 Firmware
  • Ex3500-t0
  • Ex3501-t0 Firmware
  • Ex3501-t0
  • Ex3510-b0 Firmware
  • Ex3510-b0
  • Ex3510-b1 Firmware
  • Ex3510-b1
  • Ex3600-t0 Firmware
  • Ex3600-t0
  • Ex5401-b0 Firmware
  • Ex5401-b0
  • Ex5401-b1 Firmware
  • Ex5401-b1
  • Ex5501-b0 Firmware
  • Ex5501-b0
  • Ex5510-b0 Firmware
  • Ex5510-b0
  • Ex5512-t0 Firmware
  • Ex5512-t0
  • Ex5601-t0 Firmware
  • Ex5601-t0
  • Ex5601-t1 Firmware
  • Ex5601-t1
  • Ex7501-b0 Firmware
  • Ex7501-b0
  • Ex7710-b0 Firmware
  • Ex7710-b0
  • Emg3525-t50b Firmware
  • Emg3525-t50b
  • Emg5523-t50b Firmware
  • Emg5523-t50b
  • Emg5723-t50k Firmware
  • Emg5723-t50k
  • Gm4100-b0 Firmware
  • Gm4100-b0
  • Vmg3625-t50b Firmware
  • Vmg3625-t50b
  • Vmg3927-t50k Firmware
  • Vmg3927-t50k
  • Vmg4005-b50a Firmware
  • Vmg4005-b50a
  • Vmg4005-b60a Firmware
  • Vmg4005-b60a
  • Vmg4005-b50b Firmware
  • Vmg4005-b50b
  • Vmg8623-t50b Firmware
  • Vmg8623-t50b
  • Vmg8825-t50k Firmware
  • Vmg8825-t50k
  • Ax7501-b0 Firmware
  • Ax7501-b0
  • Ax7501-b1 Firmware
  • Ax7501-b1
  • Pe3301-00 Firmware
  • Pe3301-00
  • Pe5301-01 Firmware
  • Pe5301-01
  • Pm3100-t0 Firmware
  • Pm3100-t0
  • Pm5100-t0 Firmware
  • Pm5100-t0
  • Pm7500-00 Firmware
  • Pm7500-00
  • Pm7300-t0 Firmware
  • Pm7300-t0
  • Px3321-t1 Firmware
  • Px3321-t1
  • Px5301-t0 Firmware
  • Px5301-t0
  • We3300-00 Firmware
  • We3300-00
  • Wx3100-t0 Firmware
  • Wx3100-t0
  • Wx3401-b0 Firmware
  • Wx3401-b0
  • Wx3401-b1 Firmware
  • Wx3401-b1
  • Wx5600-t0 Firmware
  • Wx5600-t0
  • Wx5610-b0 Firmware
  • Wx5610-b0
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o zyxel dm4200-b0_firmware / / / / / / / /
h zyxel dm4200-b0 - / / / / / / /
o zyxel dx3300-t0_firmware / / / / / / / /
h zyxel dx3300-t0 - / / / / / / /
o zyxel dx3300-t1_firmware / / / / / / / /
h zyxel dx3300-t1 - / / / / / / /
o zyxel dx3301-t0_firmware / / / / / / / /
h zyxel dx3301-t0 - / / / / / / /
o zyxel dx4510-b1_firmware / / / / / / / /
h zyxel dx4510-b1 - / / / / / / /
o zyxel dx5401-b0_firmware / / / / / / / /
h zyxel dx5401-b0 - / / / / / / /
o zyxel dx5401-b1_firmware / / / / / / / /
h zyxel dx5401-b1 - / / / / / / /
o zyxel ee3301-00_firmware / / / / / / / /
h zyxel ee3301-00 - / / / / / / /
o zyxel ee5301-00_firmware / / / / / / / /
h zyxel ee5301-00 - / / / / / / /
o zyxel ee6510-10_firmware / / / / / / / /
h zyxel ee6510-10 - / / / / / / /
o zyxel ex3300-t0_firmware / / / / / / / /
h zyxel ex3300-t0 - / / / / / / /
o zyxel ex3300-t0_firmware / / / / / / / /
h zyxel ex3300-t0 - / / / / / / /
o zyxel ex3300-t1_firmware / / / / / / / /
h zyxel ex3300-t1 - / / / / / / /
o zyxel ex3301-t0_firmware / / / / / / / /
h zyxel ex3301-t0 - / / / / / / /
o zyxel ex3500-t0_firmware / / / / / / / /
h zyxel ex3500-t0 - / / / / / / /
o zyxel ex3501-t0_firmware / / / / / / / /
h zyxel ex3501-t0 - / / / / / / /
o zyxel ex3510-b0_firmware / / / / / / / /
h zyxel ex3510-b0 - / / / / / / /
o zyxel ex3510-b1_firmware / / / / / / / /
h zyxel ex3510-b1 - / / / / / / /
o zyxel ex3600-t0_firmware / / / / / / / /
h zyxel ex3600-t0 - / / / / / / /
o zyxel ex5401-b0_firmware / / / / / / / /
h zyxel ex5401-b0 - / / / / / / /
o zyxel ex5401-b1_firmware / / / / / / / /
h zyxel ex5401-b1 - / / / / / / /
o zyxel ex5501-b0_firmware / / / / / / / /
h zyxel ex5501-b0 - / / / / / / /
o zyxel ex5510-b0_firmware / / / / / / / /
h zyxel ex5510-b0 - / / / / / / /
o zyxel ex5512-t0_firmware / / / / / / / /
h zyxel ex5512-t0 - / / / / / / /
o zyxel ex5601-t0_firmware / / / / / / / /
h zyxel ex5601-t0 - / / / / / / /
o zyxel ex5601-t1_firmware / / / / / / / /
h zyxel ex5601-t1 - / / / / / / /
o zyxel ex7501-b0_firmware / / / / / / / /
h zyxel ex7501-b0 - / / / / / / /
o zyxel ex7710-b0_firmware / / / / / / / /
h zyxel ex7710-b0 - / / / / / / /
o zyxel emg3525-t50b_firmware / / / / / / / /
h zyxel emg3525-t50b - / / / / / / /
o zyxel emg5523-t50b_firmware / / / / / / / /
h zyxel emg5523-t50b - / / / / / / /
o zyxel emg5723-t50k_firmware / / / / / / / /
h zyxel emg5723-t50k - / / / / / / /
o zyxel gm4100-b0_firmware / / / / / / / /
h zyxel gm4100-b0 - / / / / / / /
o zyxel vmg3625-t50b_firmware / / / / / / / /
h zyxel vmg3625-t50b - / / / / / / /
o zyxel vmg3927-t50k_firmware / / / / / / / /
h zyxel vmg3927-t50k - / / / / / / /
o zyxel vmg4005-b50a_firmware / / / / / / / /
h zyxel vmg4005-b50a - / / / / / / /
o zyxel vmg4005-b60a_firmware / / / / / / / /
h zyxel vmg4005-b60a - / / / / / / /
o zyxel vmg4005-b50b_firmware / / / / / / / /
h zyxel vmg4005-b50b - / / / / / / /
o zyxel vmg8623-t50b_firmware / / / / / / / /
h zyxel vmg8623-t50b - / / / / / / /
o zyxel vmg8825-t50k_firmware / / / / / / / /
h zyxel vmg8825-t50k - / / / / / / /
o zyxel ax7501-b0_firmware / / / / / / / /
h zyxel ax7501-b0 - / / / / / / /
o zyxel ax7501-b1_firmware / / / / / / / /
h zyxel ax7501-b1 - / / / / / / /
o zyxel pe3301-00_firmware / / / / / / / /
h zyxel pe3301-00 - / / / / / / /
o zyxel pe5301-01_firmware / / / / / / / /
h zyxel pe5301-01 - / / / / / / /
o zyxel pm3100-t0_firmware / / / / / / / /
h zyxel pm3100-t0 - / / / / / / /
o zyxel pm5100-t0_firmware / / / / / / / /
h zyxel pm5100-t0 - / / / / / / /
o zyxel pm7500-00_firmware / / / / / / / /
h zyxel pm7500-00 - / / / / / / /
o zyxel pm7300-t0_firmware / / / / / / / /
h zyxel pm7300-t0 - / / / / / / /
o zyxel px3321-t1_firmware / / / / / / / /
h zyxel px3321-t1 - / / / / / / /
o zyxel px3321-t1_firmware / / / / / / / /
h zyxel px3321-t1 - / / / / / / /
o zyxel px5301-t0_firmware / / / / / / / /
h zyxel px5301-t0 - / / / / / / /
o zyxel we3300-00_firmware / / / / / / / /
h zyxel we3300-00 - / / / / / / /
o zyxel wx3100-t0_firmware / / / / / / / /
h zyxel wx3100-t0 - / / / / / / /
o zyxel wx3401-b0_firmware / / / / / / / /
h zyxel wx3401-b0 - / / / / / / /
o zyxel wx3401-b1_firmware / / / / / / / /
h zyxel wx3401-b1 - / / / / / / /
o zyxel wx5600-t0_firmware / / / / / / / /
h zyxel wx5600-t0 - / / / / / / /
o zyxel wx5610-b0_firmware / / / / / / / /
h zyxel wx5610-b0 - / / / / / / /

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-uncontrolled-resource-consumption-and-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-security-routers-and-wireless-extenders-11-18-2025

Tags

CWE-78
security@zyxel.com.tw
2025-11-18
CVE-2025-8693

CVSS Score

8.8 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: Nov. 18, 2025, 2:15 a.m.
Last Modified: Dec. 15, 2025, 2:03 p.m.

Status : Analyzed

CVE has had analysis completed and all data associations made.

More info

Source

security@zyxel.com.tw

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.