CVE-2017-18372

Опубликовано: 02 мая 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Высокий

Описание

The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerability in the Time Setting function, which is only accessible by an authenticated user. The vulnerability is in the tools_time.asp page and can be exploited through the uiViewSNTPServer parameter. Authentication can be achieved by exploiting CVE-2017-18373.

Ссылки

https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt
Exploit
Third Party Advisory
https://seclists.org/fulldisclosure/2017/Jan/40
Exploit
Mailing List
Third Party Advisory
https://ssd-disclosure.com/index.php/archives/2910
Exploit
Technical Description
Third Party Advisory
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt
Exploit
Third Party Advisory
https://seclists.org/fulldisclosure/2017/Jan/40
Exploit
Mailing List
Third Party Advisory
https://ssd-disclosure.com/index.php/archives/2910
Exploit
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:billion:5200w-t_firmware:7.3.8.0:*:*:*:*:*:*:*

cpe:2.3:h:billion:5200w-t:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:zyxel:p660hn-t1a_v2_firmware:7.3.15.0:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:p660hn-t1a_v2:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:zyxel:p660hn-t1a_v1_firmware:7.3.15.0:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:p660hn-t1a_v1:-:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.72978

Высокий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-v454-6xf3-j8mh

CVSS3: 8.8

github

больше 3 лет назад

EPSS

Процентиль: 99%

0.72978

Высокий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78