← Voltar para CVEs
CVE-2017-18368
CRITICALCISA KEV9.8
Descricao
The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page and can be exploited through the remote_host parameter.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado5/2/2019
Ultima modificacao11/5/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorZyxel
ProdutoP660HN-T1A Routers
Nome da vulnerabilidadeZyxel P660HN-T1A Routers Command Injection Vulnerability
Data inclusao KEV2023-08-07
Prazo de remediacao2023-08-28
Uso em ransomwareUnknown
Produtos afetados
billion:5200w-tbillion:5200w-t_firmwarezyxel:p660hn-t1a_v1zyxel:p660hn-t1a_v1_firmwarezyxel:p660hn-t1a_v2zyxel:p660hn-t1a_v2_firmware
Fraquezas (CWE)
CWE-78CWE-78
Referencias
https://seclists.org/fulldisclosure/2017/Jan/40(cve@mitre.org)
https://ssd-disclosure.com/index.php/archives/2910(cve@mitre.org)
https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/(cve@mitre.org)
http://www.zyxel.com/support/announcement_unauthenticated.shtml(af854a3a-2127-422b-91ae-364da2661108)
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt(af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/fulldisclosure/2017/Jan/40(af854a3a-2127-422b-91ae-364da2661108)
https://ssd-disclosure.com/index.php/archives/2910(af854a3a-2127-422b-91ae-364da2661108)
https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-18368(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.