Logo
vuln-group

CVE-2017-6884

Zyxel EMG2926 Routers Command Injection Vulnerability

First published: Mon Sep 18 2023

Last modified: Mon Sep 18 2023

Exploited: Yes

CWE: 77

Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.

Any of

  • Zyxel EMG2926 routers

FAQ

  • What is CVE-2017-6884?

    CVE-2017-6884 is a command injection vulnerability found in Zyxel EMG2926 routers.

  • How does the command injection vulnerability in Zyxel EMG2926 routers work?

    The vulnerability is located in the diagnostic tools, specifically the nslookup function, allowing a malicious user to execute malicious commands on the router.

  • What is the impact of CVE-2017-6884?

    The vulnerability allows an attacker to execute arbitrary commands on the affected Zyxel EMG2926 routers, compromising their security and potentially gaining unauthorized access.

  • Are there any known exploits for CVE-2017-6884?

    Yes, there are known exploitation vectors, including the ping_ip parameter to the expert/maintenance/diagnostic/nslookup function.

  • How can I fix the command injection vulnerability in Zyxel EMG2926 routers?

    Zyxel has released a security advisory with fixes and recommendations for mitigating the vulnerability. Please refer to their official website for detailed instructions.

SecAlerts Pty Ltd.
Fortitude Valley,
QLD 4006, Australia
© Copyright 2023 - ABN: 70 645 966 203, ACN: 645 966 203