CVE-2017-18371

CRITICAL

Billion 5200w-t Firmware - Hard-coded Credentials

Title source: rule

Description

The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username supervisor and password zyad1234. These accounts can be used to log in to the web interface, exploit the router's authenticated command injections, and change router settings for malicious purposes.
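The quickest check for the two hard-coded accounts named above is to try them against the device's web interface. The Ruby script below is an added example for this page, not the CVE's reference material and not the Metasploit module linked under Exploits. It assumes the web UI accepts HTTP Basic authentication and answers 200 on success and 401 on failure (if the real interface uses a login form, only try_login needs changing), and it ships with a constructed stand-in router (FakeRouterHttp) so it runs offline; the host 192.0.2.1 is a documentation address, not a real target. A positive result means the management interface itself must be restricted at the network level: the accounts are hard-coded service accounts, so there is no user-facing password to rotate.

```ruby
require 'net/http'

# The two hard-coded service accounts named in the CVE description. The third
# default account is not named on this page, so it is not probed here.
HARDCODED_CREDS = [
  ['true',       'true'],
  ['supervisor', 'zyad1234'],
].freeze

# Minimal response object returned by the offline stand-in below; only the
# status code matters to the check.
FakeResponse = Struct.new(:code)

# Send one authenticated GET and report whether the credentials were accepted.
# ASSUMPTION: the web interface honours HTTP Basic auth (200 = accepted,
# 401 = rejected). Pass an object with #request(req) as `http` to use a
# different transport, e.g. the offline stand-in used for the demo run.
def try_login(host, user, pass, port: 80, path: '/', http: nil)
  http ||= Net::HTTP.new(host, port).tap do |h|
    h.open_timeout = 5
    h.read_timeout = 5
  end
  req = Net::HTTP::Get.new(path)
  req.basic_auth(user, pass)          # sets "Authorization: Basic base64(user:pass)"
  http.request(req).code.to_i == 200
end

# Return the usernames from HARDCODED_CREDS that the device accepted.
def check_hardcoded_accounts(host, port: 80, http: nil)
  HARDCODED_CREDS
    .select { |user, pass| try_login(host, user, pass, port: port, http: http) }
    .map { |user, _pass| user }
end

# Constructed stand-in for an affected router so the check can run offline.
# It accepts exactly the credential pairs it was built with and rejects
# everything else with 401, mirroring the Basic-auth assumption above.
class FakeRouterHttp
  def initialize(accepted = HARDCODED_CREDS)
    @accepted = accepted.map { |u, p| 'Basic ' + ["#{u}:#{p}"].pack('m0') }
  end

  def request(req)
    FakeResponse.new(@accepted.include?(req['Authorization']) ? '200' : '401')
  end
end

if __FILE__ == $PROGRAM_NAME
  # With a host argument the real transport is used; without one the demo
  # runs against the constructed vulnerable router.
  host = ARGV[0] || '192.0.2.1'
  http = ARGV[0] ? nil : FakeRouterHttp.new
  hits = check_hardcoded_accounts(host, http: http)
  if hits.empty?
    puts "#{host}: no hard-coded account accepted"
  else
    puts "#{host}: VULNERABLE, accepted accounts: #{hits.join(', ')}"
  end
end
```

Run it as `ruby check_p660hn.rb <router-ip>` to probe a real device, or with no argument to see the offline demo report both accounts as accepted. Only the two documented credential pairs are sent, so the probe is two requests and does not brute-force anything.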

Exploits (1)

metasploit WORKING POC EXCELLENT
by Pedro Ribeiro <[email protected]> · ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/trueonline_p660hn_v2_rce.rb

Scores

CVSS v3 9.8
EPSS 0.7274
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-798
Status published
Products (3)
billion/5200w-t_firmware 7.3.8.0
zyxel/p660hn-t1a_v1_firmware 7.3.37.6
zyxel/p660hn-t1a_v2_firmware 7.3.37.6
Published May 02, 2019
Tracked Since Feb 18, 2026