CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2017-18371

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1330%
EPSS Percentile5.80th
Published2019年5月2日
Last Modified2024年11月21日

Vulnerability Description

The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username supervisor and password zyad1234. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes.

Affected Platforms (CPE)

💻
Billion

5200w T Firmware

= 7.3.8.0
💻
Zyxel

P660hn T1a V2 Firmware

= 7.3.37.6
💻
Zyxel

P660hn T1a V1 Firmware

= 7.3.37.6

References & Advisories

🔗 http://www.zyxel.com/support/announcement_unauthenticated.shtml
🔗 https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt
🔗 https://seclists.org/fulldisclosure/2017/Jan/40
🔗 https://ssd-disclosure.com/index.php/archives/2910
🔗 https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/
🔗 http://www.zyxel.com/support/announcement_unauthenticated.shtml
🔗 https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt
🔗 https://seclists.org/fulldisclosure/2017/Jan/40

相關漏洞威脅

CVE-2017-379110.0

A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication ...

CVE-2017-514510.0

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. S...

CVE-2017-332410.0

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcompone...

CVE-2017-278510.0

An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially cra...