CVE-2017-18372

HIGH

Billion 5200w-t Firmware - OS Command Injection

Title source: rule

Description

The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerability in the Time Setting function, which is only accessible by an authenticated user. The vulnerability is in the tools_time.asp page and can be exploited through the uiViewSNTPServer parameter. Authentication can be achieved by exploiting CVE-2017-18373.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Pedro Ribeiro <[email protected]> · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/trueonline_billion_5200w_rce.rb

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt

[Exploit, Mailing List, Third Party Advisory] https://seclists.org/fulldisclosure/2017/Jan/40

[Exploit, Technical Description, Third Party Advisory] https://ssd-disclosure.com/index.php/archives/2910

Scores

CVSS v3 8.8

EPSS 0.7216

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (3)

billion/5200w-t_firmware 7.3.8.0

zyxel/p660hn-t1a_v1_firmware 7.3.15.0

zyxel/p660hn-t1a_v2_firmware 7.3.15.0

Published May 02, 2019

Tracked Since Feb 18, 2026