CVE-2017-18370

HIGH

Billion 5200w-t Firmware - OS Command Injection

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-18370. PoCs published by Pedro Ribeiro <[email protected]>, including Metasploit module exploits/linux/http/trueonline_p660hn_v2_rce.

AI-analyzed exploit summary This Metasploit module exploits an authenticated command injection vulnerability in the TrueOnline / ZyXEL P660HN-T v2 router by injecting commands into the remote log forwarding page. It authenticates using default credentials, injects a payload via TFTP, and executes it to achieve remote code execution.

Description

The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user. The vulnerability is in the logSet.asp page and can be exploited through the ServerIP parameter. Authentication can be achieved by exploiting CVE-2017-18371.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Pedro Ribeiro <[email protected]> · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/trueonline_p660hn_v2_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits an authenticated command injection vulnerability in the TrueOnline / ZyXEL P660HN-T v2 router by injecting commands into the remote log forwarding page. It authenticates using default credentials, injects a payload via TFTP, and executes it to achieve remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: ZyXEL P660HN-T v2 (TrueOnline customized version)

Auth required

Prerequisites: Network access to the router's web interface · Default credentials (supervisor:zyad1234) · TFTP server to host the payload

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 23, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit, Mailing List, Third Party Advisory x_refsource_misc

https://seclists.org/fulldisclosure/2017/Jan/40

Exploit, Technical Description, Third Party Advisory x_refsource_misc

https://ssd-disclosure.com/index.php/archives/2910

Technical Description, Third Party Advisory x_refsource_misc

https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/

Exploit, Third Party Advisory x_refsource_misc

https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt

Broken Link x_refsource_misc

http://www.zyxel.com/support/announcement_unauthenticated.shtml

Scores

CVSS v3 8.8

EPSS 0.7702

EPSS Percentile 99.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (3)

billion/5200w-t_firmware 7.3.8.0

zyxel/p660hn-t1a_v1_firmware 7.3.37.6

zyxel/p660hn-t1a_v2_firmware 7.3.37.6

Published May 02, 2019

Tracked Since Feb 18, 2026