← back
CVE-2017-18370

CVE-2017-18370

EPSS 22.9%
Vexday Risk Score
23Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 22.9%KEV nãoPoC Nuclei Metasploit simPatch
Lifecycle
26 Dec 2016Metasploit module available
02 May 2019Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user. The vulnerability is in the logSet.asp page and can be exploited through the ServerIP parameter. Authentication can be achieved by exploiting CVE-2017-18371.
Affected products
n/a · n/a