{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-14T17:57:07.420","vulnerabilities":[{"cve":{"id":"CVE-2017-18370","sourceIdentifier":"cve@mitre.org","published":"2019-05-02T17:29:00.880","lastModified":"2024-11-21T03:19:57.207","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user. The vulnerability is in the logSet.asp page and can be exploited through the ServerIP parameter. Authentication can be achieved by exploiting CVE-2017-18371."},{"lang":"es","value":"El router P660HN-T1A v2 TCLinux Fw # 7.3.37.6 de ZyXEL distribuido por TrueOnline tiene una vulnerabilidad de inyección de comandos en la función de reenvío de registro del sistema remoto (Remote System Log forwarding), que solo es accesible por un usuario identificado. La vulnerabilidad está en la página logSet.asp y puede ser aprovechada por medio del parámetro ServerIP. La autorización  se puede lograr mediante la función de CVE-2017-18371."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N\/AC:L\/Au:S\/C:C\/I:C\/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:billion:5200w-t_firmware:7.3.8.0:*:*:*:*:*:*:*","matchCriteriaId":"C756E02F-45B7-4F40-AEEC-DCC334023F8B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:billion:5200w-t:-:*:*:*:*:*:*:*","matchCriteriaId":"B8F97C92-C53D-4578-92ED-9327E3646FDB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:p660hn-t1a_v2_firmware:7.3.37.6:*:*:*:*:*:*:*","matchCriteriaId":"A338A056-6EC1-4CFB-A10D-1CB8D1771502"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:p660hn-t1a_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"1C6D563A-3210-4459-BE4D-5CC36CAF6784"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:p660hn-t1a_v1_firmware:7.3.37.6:*:*:*:*:*:*:*","matchCriteriaId":"524CE722-B1A3-43F9-84D5-F63B57D6BCC6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:p660hn-t1a_v1:-:*:*:*:*:*:*:*","matchCriteriaId":"3AF29B50-0AE2-444C-A251-C27DEBDC064B"}]}]}],"references":[{"url":"http:\/\/www.zyxel.com\/support\/announcement_unauthenticated.shtml","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"https:\/\/raw.githubusercontent.com\/pedrib\/PoC\/master\/advisories\/zyxel_trueonline.txt","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https:\/\/seclists.org\/fulldisclosure\/2017\/Jan\/40","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https:\/\/ssd-disclosure.com\/index.php\/archives\/2910","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https:\/\/unit42.paloaltonetworks.com\/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems\/","source":"cve@mitre.org","tags":["Technical Description","Third Party Advisory"]},{"url":"http:\/\/www.zyxel.com\/support\/announcement_unauthenticated.shtml","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"https:\/\/raw.githubusercontent.com\/pedrib\/PoC\/master\/advisories\/zyxel_trueonline.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https:\/\/seclists.org\/fulldisclosure\/2017\/Jan\/40","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https:\/\/ssd-disclosure.com\/index.php\/archives\/2910","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https:\/\/unit42.paloaltonetworks.com\/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems\/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory"]}]}}]}