CVE-2017-18370
CVE-2017-18370
Vexday Risk Score
23Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
Madurez del exploit
Exploit funcional
Exploit automatizable disponible (Nuclei/Metasploit).
CVSS —EPSS 22.9%KEV nãoPoC —Nuclei —Metasploit simPatch —
Ciclo de vida
26 dic 2016Exploit Metasploit disponible
02 may 2019Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user. The vulnerability is in the logSet.asp page and can be exploited through the ServerIP parameter. Authentication can be achieved by exploiting CVE-2017-18371.
Productos afectados
n/a · n/aReferencias
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txthttps://seclists.org/fulldisclosure/2017/Jan/40https://ssd-disclosure.com/index.php/archives/2910https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/http://www.zyxel.com/support/announcement_unauthenticated.shtml