CVE-2017-18371
CVE-2017-18371
Vexday Risk Score
23Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
Madurez del exploit
Exploit funcional
Exploit automatizable disponible (Nuclei/Metasploit).
CVSS —EPSS 22.5%KEV nãoPoC —Nuclei —Metasploit simPatch —
Ciclo de vida
26 dic 2016Exploit Metasploit disponible
02 may 2019Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username supervisor and password zyad1234. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes.
Productos afectados
n/a · n/aReferencias
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txthttps://seclists.org/fulldisclosure/2017/Jan/40https://ssd-disclosure.com/index.php/archives/2910https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/http://www.zyxel.com/support/announcement_unauthenticated.shtml