First published: Mon Sep 18 2023
Last modified: Mon Sep 18 2023
Exploited: Yes
CWE: 77
Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.
CVE-2017-6884 is a command injection vulnerability found in Zyxel EMG2926 routers.
The vulnerability is located in the diagnostic tools, specifically the nslookup function, allowing a malicious user to execute malicious commands on the router.
The vulnerability allows an attacker to execute arbitrary commands on the affected Zyxel EMG2926 routers, compromising their security and potentially gaining unauthorized access.
Yes, there are known exploitation vectors, including the ping_ip parameter to the expert/maintenance/diagnostic/nslookup function.
Zyxel has released a security advisory with fixes and recommendations for mitigating the vulnerability. Please refer to their official website for detailed instructions.