CVE-2017-18368 — CRITICAL (9.8)

Vulnerability Description

The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page and can be exploited through the remote_host parameter.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Billion	5200W-T Firmware	7.3.8.0
Billion	5200W-T	-
Zyxel	P660Hn-T1A V2 Firmware	7.3.15.0
Zyxel	P660Hn-T1A V2	-
Zyxel	P660Hn-T1A V1 Firmware	7.3.15.0
Zyxel	P660Hn-T1A V1	-

Related Weaknesses (CWE)

CWE-78

References

http://www.zyxel.com/support/announcement_unauthenticated.shtmlBroken Link
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.ExploitThird Party Advisory
https://seclists.org/fulldisclosure/2017/Jan/40ExploitMailing ListThird Party Advisory
https://ssd-disclosure.com/index.php/archives/2910ExploitTechnical DescriptionThird Party Advisory
https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wirelesTechnical DescriptionThird Party Advisory
http://www.zyxel.com/support/announcement_unauthenticated.shtmlBroken Link
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.ExploitThird Party Advisory
https://seclists.org/fulldisclosure/2017/Jan/40ExploitMailing ListThird Party Advisory
https://ssd-disclosure.com/index.php/archives/2910ExploitTechnical DescriptionThird Party Advisory
https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wirelesTechnical DescriptionThird Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-US Government Resource

FAQ

What is CVE-2017-18368?

CVE-2017-18368 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessi...

How severe is CVE-2017-18368?

CVE-2017-18368 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-18368?

Check the references section above for vendor advisories and patch information. Affected products include: Billion 5200W-T Firmware, Billion 5200W-T, Zyxel P660Hn-T1A V2 Firmware, Zyxel P660Hn-T1A V2, Zyxel P660Hn-T1A V1 Firmware.