CVE-2017-18368

CRITICAL KEV

Billion 5200w-t Firmware - OS Command Injection

Title source: rule

Description

The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has an OS command injection vulnerability in the Remote System Log forwarding function, which is reachable without authentication. The flaw is in the ViewLog.asp page and is triggered through the remote_host parameter: the value is passed into a shell command without being validated as a hostname or IP address.
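The two practical pieces a responder needs from the description above are (a) the allowlist check the forwarding handler should have applied to remote_host before it ever reached a shell, and (b) detection logic that flags requests carrying a remote_host value that would fail that check. The Python below is an added example written for this page; it is not code from the vendor, from the routersploit module or from the Metasploit module. It assumes the handler is reached with remote_host in the query string or form body of a request whose path ends in ViewLog.asp (the page gives the page name but not the full path, so /cgi-bin/ViewLog.asp in the constructed samples is an assumption), and all sample requests are constructed, not real captures.

```python
"""Input validation and detection for the ViewLog.asp remote_host injection.

Added example, not page or project code. Assumption: remote_host arrives as a
query-string or form-body parameter of a request to .../ViewLog.asp.
"""
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# What a syslog forwarding target should look like: an IPv4 address or an
# RFC 1123 hostname, optionally followed by :port. This is the allowlist a
# server-side fix must enforce before the value is handed to any shell.
_OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
_IPV4 = rf"{_OCTET}(?:\.{_OCTET}){{3}}"
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = rf"{_LABEL}(?:\.{_LABEL})*"
_TARGET_RE = re.compile(rf"^(?:{_IPV4}|{_HOSTNAME})(?::(\d{{1,5}}))?$")

# Characters that never belong in a hostname and that sh treats specially.
_SHELL_META = re.compile(r"[;|&`$(){}<>\n\r\\'\" ]")


def is_valid_syslog_target(value: str) -> bool:
    """Return True only for a plain host[:port]; anything else is rejected."""
    if not value or len(value) > 253:
        return False
    m = _TARGET_RE.match(value)
    if m is None:
        return False
    port = m.group(1)
    return port is None or 0 < int(port) < 65536


def extract_remote_host(raw_request: str) -> Optional[str]:
    """Return the decoded remote_host parameter from a raw HTTP/1.x request,
    or None if the request does not target ViewLog.asp or lacks the parameter."""
    head, _, body = raw_request.partition("\r\n\r\n")
    request_line = head.split("\r\n", 1)[0]
    parts = request_line.split()
    if len(parts) < 2:
        return None
    method, target = parts[0], parts[1]
    url = urlsplit(target)
    if not url.path.lower().endswith("viewlog.asp"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)
    if method.upper() == "POST":
        # Form-encoded body parameters override the query string.
        params.update(parse_qs(body, keep_blank_values=True))
    values = params.get("remote_host")
    return values[0] if values else None


def classify_request(raw_request: str) -> str:
    """'not-applicable' when remote_host is absent, 'benign' when it is a clean
    host[:port], 'suspicious' when the allowlist would reject it."""
    value = extract_remote_host(raw_request)
    if value is None:
        return "not-applicable"
    if is_valid_syslog_target(value) and not _SHELL_META.search(value):
        return "benign"
    return "suspicious"


# Constructed sample requests (not real captures); the path is an assumption.
BENIGN = (
    "POST /cgi-bin/ViewLog.asp HTTP/1.1\r\nHost: 192.0.2.1\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "remote_host=192.0.2.10%3A514"
)
INJECTED = (
    "POST /cgi-bin/ViewLog.asp HTTP/1.1\r\nHost: 192.0.2.1\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "remote_host=192.0.2.10%3Bid"
)
UNRELATED = "GET /cgi-bin/status.asp?remote_host=x HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("injected", INJECTED), ("unrelated", UNRELATED)):
        print(label, "->", classify_request(req))
```

The allowlist deliberately rejects rather than escapes: for a field that must be a host or IP, refusing anything outside that grammar is simpler to get right than quoting for a shell, and the same function doubles as the detection rule, so a proxy or IDS that decodes the parameter can alert on exactly the values the fixed handler would refuse.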

Exploits (2)

vulncheck_xdb WORKING POC
remote
https://github.com/threat9/routersploit
metasploit WORKING POC EXCELLENT
by Pedro Ribeiro · ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/trueonline_p660hn_v1_rce.rb

Scores

CVSS v3 9.8
EPSS 0.9359
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2023-08-07
VulnCheck KEV 2021-11-11
InTheWild.io 2021-03-18
ENISA EUVD EUVD-2017-9484
CWE
CWE-78
Status published
Products (3)
billion/5200w-t_firmware 7.3.8.0
zyxel/p660hn-t1a_v1_firmware 7.3.15.0
zyxel/p660hn-t1a_v2_firmware 7.3.15.0
Published May 02, 2019
KEV Added Aug 07, 2023
Tracked Since Feb 18, 2026