CVE-2017-18370

HIGH

Billion 5200w-t Firmware - OS Command Injection

Title source: rule

Description

The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user. The vulnerability is in the logSet.asp page and can be exploited through the ServerIP parameter. Authentication can be achieved by exploiting CVE-2017-18371.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Pedro Ribeiro <[email protected]> · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/trueonline_p660hn_v2_rce.rb

View Code ZIP pw:eip

References (5)

[Broken Link] http://www.zyxel.com/support/announcement_unauthenticated.shtml

[Exploit, Third Party Advisory] https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt

[Exploit, Mailing List, Third Party Advisory] https://seclists.org/fulldisclosure/2017/Jan/40

[Exploit, Technical Description, Third Party Advisory] https://ssd-disclosure.com/index.php/archives/2910

[Technical Description, Third Party Advisory] https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/

Scores

CVSS v3 8.8

EPSS 0.7514

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (3)

billion/5200w-t_firmware 7.3.8.0

zyxel/p660hn-t1a_v1_firmware 7.3.37.6

zyxel/p660hn-t1a_v2_firmware 7.3.37.6

Published May 02, 2019

Tracked Since Feb 18, 2026