10
CVE-2017-18368
- EPSS 93.75%
- Veröffentlicht 02.05.2019 17:29:00
- Zuletzt bearbeitet 14.03.2025 15:16:40
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page and can be exploited through the remote_host parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Billion ≫ 5200w-t Firmware Version7.3.8.0
Zyxel ≫ P660hn-t1a V2 Firmware Version7.3.15.0
Zyxel ≫ P660hn-t1a V1 Firmware Version7.3.15.0
07.08.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog
Zyxel P660HN-T1A Routers Command Injection Vulnerability
SchwachstelleZyxel P660HN-T1A routers contain a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user and exploited via the remote_host parameter of the ViewLog.asp page.
BeschreibungApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 93.75% | 0.999 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.