CVE-2017-18371 — CRITICAL (9.8)

Vulnerability Description

The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username supervisor and password zyad1234. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Billion	5200W-T Firmware	7.3.8.0
Billion	5200W-T	-
Zyxel	P660Hn-T1A V2 Firmware	7.3.37.6
Zyxel	P660Hn-T1A V2	-
Zyxel	P660Hn-T1A V1 Firmware	7.3.37.6
Zyxel	P660Hn-T1A V1	-

Related Weaknesses (CWE)

CWE-798

References

http://www.zyxel.com/support/announcement_unauthenticated.shtmlBroken Link
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.ExploitThird Party Advisory
https://seclists.org/fulldisclosure/2017/Jan/40ExploitMailing ListThird Party Advisory
https://ssd-disclosure.com/index.php/archives/2910ExploitTechnical DescriptionThird Party Advisory
https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wirelesTechnical DescriptionThird Party Advisory
http://www.zyxel.com/support/announcement_unauthenticated.shtmlBroken Link
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.ExploitThird Party Advisory
https://seclists.org/fulldisclosure/2017/Jan/40ExploitMailing ListThird Party Advisory
https://ssd-disclosure.com/index.php/archives/2910ExploitTechnical DescriptionThird Party Advisory
https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wirelesTechnical DescriptionThird Party Advisory

FAQ

What is CVE-2017-18371?

CVE-2017-18371 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and p...

How severe is CVE-2017-18371?

CVE-2017-18371 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-18371?

Check the references section above for vendor advisories and patch information. Affected products include: Billion 5200W-T Firmware, Billion 5200W-T, Zyxel P660Hn-T1A V2 Firmware, Zyxel P660Hn-T1A V2, Zyxel P660Hn-T1A V1 Firmware.