CVE-2017-18374 — HIGH (8.8)

Vulnerability Description

The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the username true and password true. These accounts can be used to login to the web interface, exploit authenticated command injections and change router settings for malicious purposes.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Billion	5200W-T Firmware	7.3.8.0
Billion	5200W-T	-
Zyxel	P660Hn-T1A V2 Firmware	7.3.15.0
Zyxel	P660Hn-T1A V2	-
Zyxel	P660Hn-T1A V1 Firmware	7.3.15.0
Zyxel	P660Hn-T1A V1	-

Related Weaknesses (CWE)

CWE-798

References

http://www.zyxel.com/support/announcement_unauthenticated.shtmlBroken Link
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.ExploitThird Party Advisory
https://seclists.org/fulldisclosure/2017/Jan/40ExploitMailing ListThird Party Advisory
https://ssd-disclosure.com/index.php/archives/2910ExploitTechnical DescriptionThird Party Advisory
https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wirelesTechnical DescriptionThird Party Advisory
http://www.zyxel.com/support/announcement_unauthenticated.shtmlBroken Link
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.ExploitThird Party Advisory
https://seclists.org/fulldisclosure/2017/Jan/40ExploitMailing ListThird Party Advisory
https://ssd-disclosure.com/index.php/archives/2910ExploitTechnical DescriptionThird Party Advisory
https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wirelesTechnical DescriptionThird Party Advisory

FAQ

What is CVE-2017-18374?

CVE-2017-18374 is a vulnerability with a CVSS score of 8.8 (HIGH). The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the usernam...

How severe is CVE-2017-18374?

CVE-2017-18374 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-18374?

Check the references section above for vendor advisories and patch information. Affected products include: Billion 5200W-T Firmware, Billion 5200W-T, Zyxel P660Hn-T1A V2 Firmware, Zyxel P660Hn-T1A V2, Zyxel P660Hn-T1A V1 Firmware.