CVE-2017-18371

CRITICAL

Billion 5200w-t Firmware - Hard-coded Credentials

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-18371. PoCs published by Pedro Ribeiro <[email protected]>, including Metasploit module exploits/linux/http/trueonline_p660hn_v2_rce.

AI-analyzed exploit summary This Metasploit module exploits an authenticated command injection vulnerability in the TrueOnline / ZyXEL P660HN-T v2 router. It leverages default credentials to authenticate and inject commands via the log forwarding page, ultimately downloading and executing a MIPS payload via TFTP.

Description

The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username supervisor and password zyad1234. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Pedro Ribeiro <[email protected]> · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/trueonline_p660hn_v2_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits an authenticated command injection vulnerability in the TrueOnline / ZyXEL P660HN-T v2 router. It leverages default credentials to authenticate and inject commands via the log forwarding page, ultimately downloading and executing a MIPS payload via TFTP.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: ZyXEL P660HN-T v2 (TrueOnline customized firmware)

Auth required

Prerequisites: Network access to the router's web interface · Default credentials (supervisor:zyad1234) · TFTP server reachable from the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit, Mailing List, Third Party Advisory x_refsource_misc

https://seclists.org/fulldisclosure/2017/Jan/40

Exploit, Technical Description, Third Party Advisory x_refsource_misc

https://ssd-disclosure.com/index.php/archives/2910

Technical Description, Third Party Advisory x_refsource_misc

https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/

Exploit, Third Party Advisory x_refsource_misc

https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt

Broken Link x_refsource_misc

http://www.zyxel.com/support/announcement_unauthenticated.shtml

Scores

CVSS v3 9.8

EPSS 0.7274

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-798

Status published

Products (3)

billion/5200w-t_firmware 7.3.8.0

zyxel/p660hn-t1a_v1_firmware 7.3.37.6

zyxel/p660hn-t1a_v2_firmware 7.3.37.6

Published May 02, 2019

Tracked Since Feb 18, 2026