CVE-2017-18370

Published: May 2, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user. The vulnerability is in the logSet.asp page and can be exploited through the ServerIP parameter. Authentication can be achieved by exploiting CVE-2017-18371.

Affected (3)

Products: Billion: 5200w T Firmware · Zyxel: P660hn T1a V2 Firmware, P660hn T1a V1 Firmware

1 product

5200w T Firmware

2 products

P660hn T1a V2 Firmware

P660hn T1a V1 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Billion 5200w T Firmware	Version 7.3.8.0

Running on/with	Platform Versions
Billion 5200w T	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel P660hn T1a V2 Firmware	Version 7.3.37.6

Running on/with	Platform Versions
Zyxel P660hn T1a V2	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel P660hn T1a V1 Firmware	Version 7.3.37.6

Running on/with	Platform Versions
Zyxel P660hn T1a V1	All versions

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (10)

http://www.zyxel.com/support/announcement_unauthenticated.shtml

Source: cve@mitre.org

Broken Link

https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt

Source: cve@mitre.org

ExploitThird Party Advisory

https://seclists.org/fulldisclosure/2017/Jan/40

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

https://ssd-disclosure.com/index.php/archives/2910

Source: cve@mitre.org

ExploitTechnical DescriptionThird Party Advisory

https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/

Source: cve@mitre.org

Technical DescriptionThird Party Advisory

http://www.zyxel.com/support/announcement_unauthenticated.shtml

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://seclists.org/fulldisclosure/2017/Jan/40

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

https://ssd-disclosure.com/index.php/archives/2910

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/

Source: af854a3a-2127-422b-91ae-364da2661108

Technical DescriptionThird Party Advisory

Timeline

No history available yet.