← Zuruck zu CVEs
CVE-2017-18368
CRITICALCISA KEV9.8
Beschreibung
The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page and can be exploited through the remote_host parameter.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht5/2/2019
Zuletzt geandert11/5/2025
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerZyxel
ProduktP660HN-T1A Routers
SchwachstellennameZyxel P660HN-T1A Routers Command Injection Vulnerability
KEV Aufnahmedatum2023-08-07
Behebungsfrist2023-08-28
Ransomware-NutzungUnknown
Betroffene Produkte
billion:5200w-tbillion:5200w-t_firmwarezyxel:p660hn-t1a_v1zyxel:p660hn-t1a_v1_firmwarezyxel:p660hn-t1a_v2zyxel:p660hn-t1a_v2_firmware
Schwachen (CWE)
CWE-78CWE-78
Referenzen
https://seclists.org/fulldisclosure/2017/Jan/40(cve@mitre.org)
https://ssd-disclosure.com/index.php/archives/2910(cve@mitre.org)
https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/(cve@mitre.org)
http://www.zyxel.com/support/announcement_unauthenticated.shtml(af854a3a-2127-422b-91ae-364da2661108)
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt(af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/fulldisclosure/2017/Jan/40(af854a3a-2127-422b-91ae-364da2661108)
https://ssd-disclosure.com/index.php/archives/2910(af854a3a-2127-422b-91ae-364da2661108)
https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-18368(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.