CVE-2017-18372 : The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOn

The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerability in the Time Setting function, which is only accessible by an authenticated user. The vulnerability is in the tools_time.asp page and can be exploited through the uiViewSNTPServer parameter. Authentication can be achieved by exploiting CVE-2017-18373.

Published 2019-05-02 17:29:01

Updated 2019-10-03 00:03:26

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2017-18372

Zyxel » P660hn-t1a V2 Firmware » Version: 7.3.15.0
cpe:2.3:o:zyxel:p660hn-t1a_v2_firmware:7.3.15.0:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » P660hn-t1a V2 » Version: N/A
Zyxel » P660hn-t1a V1 Firmware » Version: 7.3.15.0
cpe:2.3:o:zyxel:p660hn-t1a_v1_firmware:7.3.15.0:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » P660hn-t1a V1 » Version: N/A
Billion » 5200w-t Firmware » Version: 7.3.8.0
cpe:2.3:o:billion:5200w-t_firmware:7.3.8.0:*:*:*:*:*:*:*
Matching versions
When used together with: Billion » 5200w-t » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2017-18372

EPSS FAQ

70.17%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2017-18372

TrueOnline / Billion 5200W-T Router Unauthenticated Command Injection

Disclosure Date: 2016-12-26

First seen: 2020-04-26

exploit/linux/http/trueonline_billion_5200w_rce

TrueOnline is a major ISP in Thailand, and it distributes a customized version of the Billion 5200W-T router. This customized version has at least two command injection vulnerabilities, one authenticated and one unauthenticated, on different firmware versions. This m

More information

CVSS scores for CVE-2017-18372

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.0	HIGH	AV:N/AC:L/Au:S/C:C/I:C/A:C	8.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-18372

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-18372

https://seclists.org/fulldisclosure/2017/Jan/40

Full Disclosure: Multiple RCE in ZyXEL / Billion / TrueOnline routers
Mailing List;Exploit;Third Party Advisory

CVEs referencing this url
https://ssd-disclosure.com/index.php/archives/2910

SSD Advisory - ZyXEL / Billion Multiple Vulnerabilities - SSD Secure Disclosure
Exploit;Technical Description;Third Party Advisory

CVEs referencing this url
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt

Exploit;Third Party Advisory

CVEs referencing this url

Jump to