CVE-2017-18368: Zyxel P660HN-T1A Routers Command Injection Vulnerability
First published: Thu May 02 2019(Updated: )
The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page and can be exploited through the remote_host parameter.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zyxel P660HN-T1A Routers | =7.3.8.0 | |
| Billion 5200W-T | ||
| Zyxel P660HN-T1A Routers | =7.3.15.0 | |
| Zyxel P660HN-T1A Routers | ||
| Zyxel P660hn-t1a V1 Firmware | =7.3.15.0 | |
| ZyXEL P660HN-T1A v1 | ||
| Zyxel P660HN-T1A Routers | ||
| All of | ||
| Billion 5200w-t Firmware | =7.3.8.0 | |
| Billion 5200W-T | ||
| All of | ||
| Zyxel P660hn-t1a V2 Firmware | =7.3.15.0 | |
| ZyXEL P660HN-T1A v2 | ||
| All of | ||
| Zyxel P660hn-t1a V1 Firmware | =7.3.15.0 | |
| ZyXEL P660HN-T1A v1 |
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.zyxel.com/support/announcement_unauthenticated.shtml
- https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt
- https://seclists.org/fulldisclosure/2017/Jan/40
- https://ssd-disclosure.com/index.php/archives/2910
- https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-a-new-variant-of-gafgyt-malware;
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerability-in-p660hn-t1a-dsl-cpe;
- https://nvd.nist.gov/vuln/detail/CVE-2017-18368
Frequently Asked Questions
What is CVE-2017-18368?
CVE-2017-18368 is a command injection vulnerability found in the Zyxel P660HN-T1A routers.
How can an attacker exploit CVE-2017-18368?
An attacker can exploit CVE-2017-18368 by using the remote_host parameter of the ViewLog.asp page to inject and execute malicious commands on the router.
Is authentication required to exploit CVE-2017-18368?
No, authentication is not required to exploit CVE-2017-18368.
What is the affected software for CVE-2017-18368?
The affected software for CVE-2017-18368 is the Zyxel P660HN-T1A routers.
Are there any known fixes for CVE-2017-18368?
Yes, Zyxel has released security advisories providing patches and firmware updates to address the command injection vulnerability in the P660HN-T1A routers.
- collector/nvd-index
- agent/type
- agent/weakness
- agent/description
- agent/severity
- agent/title
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/author
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/softwarecombine
- agent/event
- vendor/billion
- canonical/zyxel p660hn-t1a routers
- version/zyxel p660hn-t1a routers/7.3.8.0
- canonical/billion 5200w-t
- vendor/zyxel
- version/zyxel p660hn-t1a routers/7.3.15.0
- canonical/zyxel p660hn-t1a v1 firmware
- version/zyxel p660hn-t1a v1 firmware/7.3.15.0
- canonical/zyxel p660hn-t1a v1
- canonical/billion 5200w-t firmware
- version/billion 5200w-t firmware/7.3.8.0
- canonical/zyxel p660hn-t1a v2 firmware
- version/zyxel p660hn-t1a v2 firmware/7.3.15.0
- canonical/zyxel p660hn-t1a v2