CVE-2017-18371 : The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline ha

The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username supervisor and password zyad1234. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes.

Published 2019-05-02 17:29:01

Updated 2019-05-03 19:20:00

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2017-18371

Zyxel » P660hn-t1a V2 Firmware » Version: 7.3.37.6
cpe:2.3:o:zyxel:p660hn-t1a_v2_firmware:7.3.37.6:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » P660hn-t1a V2 » Version: N/A
Zyxel » P660hn-t1a V1 Firmware » Version: 7.3.37.6
cpe:2.3:o:zyxel:p660hn-t1a_v1_firmware:7.3.37.6:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » P660hn-t1a V1 » Version: N/A
Billion » 5200w-t Firmware » Version: 7.3.8.0
cpe:2.3:o:billion:5200w-t_firmware:7.3.8.0:*:*:*:*:*:*:*
Matching versions
When used together with: Billion » 5200w-t » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2017-18371

EPSS FAQ

69.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2017-18371

TrueOnline / ZyXEL P660HN-T v2 Router Authenticated Command Injection

Disclosure Date: 2016-12-26

First seen: 2020-04-26

exploit/linux/http/trueonline_p660hn_v2_rce

TrueOnline is a major ISP in Thailand, and it distributes a customized version of the ZyXEL P660HN-T v2 router. This customized version has an authenticated command injection vulnerability in the remote log forwarding page. This can be exploited using the "supervisor"

More information

CVSS scores for CVE-2017-18371

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-18371

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-18371

https://seclists.org/fulldisclosure/2017/Jan/40

Full Disclosure: Multiple RCE in ZyXEL / Billion / TrueOnline routers
Mailing List;Exploit;Third Party Advisory

CVEs referencing this url
https://ssd-disclosure.com/index.php/archives/2910

SSD Advisory - ZyXEL / Billion Multiple Vulnerabilities - SSD Secure Disclosure
Exploit;Technical Description;Third Party Advisory

CVEs referencing this url
https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/

New Mirai Variant Targets Enterprise Wireless Presentation & Display Systems
Technical Description;Third Party Advisory

CVEs referencing this url
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt

Exploit;Third Party Advisory

CVEs referencing this url

Jump to