Vulnerability Description
The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the adv_remotelog.asp page and can be exploited through the syslogServerAddr parameter.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Billion | 5200W-T Firmware | 1.02b |
| Billion | 5200W-T | - |
Related Weaknesses (CWE)
References
- https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.ExploitThird Party Advisory
- https://seclists.org/fulldisclosure/2017/Jan/40ExploitMailing ListThird Party Advisory
- https://ssd-disclosure.com/index.php/archives/2910ExploitTechnical DescriptionThird Party Advisory
- https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.ExploitThird Party Advisory
- https://seclists.org/fulldisclosure/2017/Jan/40ExploitMailing ListThird Party Advisory
- https://ssd-disclosure.com/index.php/archives/2910ExploitTechnical DescriptionThird Party Advisory
FAQ
What is CVE-2017-18369?
CVE-2017-18369 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. ...
How severe is CVE-2017-18369?
CVE-2017-18369 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-18369?
Check the references section above for vendor advisories and patch information. Affected products include: Billion 5200W-T Firmware, Billion 5200W-T.