{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-14T21:01:52.508","vulnerabilities":[{"cve":{"id":"CVE-2017-18374","sourceIdentifier":"cve@mitre.org","published":"2019-05-02T17:29:01.490","lastModified":"2024-11-21T03:19:57.837","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 \/ 3.40(ULM.0)b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the username true and password true. These accounts can be used to login to the web interface, exploit authenticated command injections and change router settings for malicious purposes."},{"lang":"es","value":"El router ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 \/ 3.40(ULM.0)b31 distribuido por TrueOnline tiene dos cuentas de usuario con contraseñas predeterminadas, incluyendo una cuenta de servicio con el nombre de usuario true y password true. Estas cuentas se pueden utilizar para iniciar sesión en la interfaz web, explotar inyecciones de comandos autenticadas y cambiar la configuración del router con fines maliciosos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N\/AC:L\/Au:S\/C:C\/I:C\/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:billion:5200w-t_firmware:7.3.8.0:*:*:*:*:*:*:*","matchCriteriaId":"C756E02F-45B7-4F40-AEEC-DCC334023F8B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:billion:5200w-t:-:*:*:*:*:*:*:*","matchCriteriaId":"B8F97C92-C53D-4578-92ED-9327E3646FDB"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:p660hn-t1a_v2_firmware:7.3.15.0:*:*:*:*:*:*:*","matchCriteriaId":"345E3D41-AF56-47DA-9719-E84FB9DB300B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:p660hn-t1a_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"1C6D563A-3210-4459-BE4D-5CC36CAF6784"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:p660hn-t1a_v1_firmware:7.3.15.0:*:*:*:*:*:*:*","matchCriteriaId":"BB423D04-654A-4FD5-8973-17E5B08C7453"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:p660hn-t1a_v1:-:*:*:*:*:*:*:*","matchCriteriaId":"3AF29B50-0AE2-444C-A251-C27DEBDC064B"}]}]}],"references":[{"url":"http:\/\/www.zyxel.com\/support\/announcement_unauthenticated.shtml","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"https:\/\/raw.githubusercontent.com\/pedrib\/PoC\/master\/advisories\/zyxel_trueonline.txt","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https:\/\/seclists.org\/fulldisclosure\/2017\/Jan\/40","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https:\/\/ssd-disclosure.com\/index.php\/archives\/2910","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https:\/\/unit42.paloaltonetworks.com\/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems\/","source":"cve@mitre.org","tags":["Technical Description","Third Party Advisory"]},{"url":"http:\/\/www.zyxel.com\/support\/announcement_unauthenticated.shtml","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"https:\/\/raw.githubusercontent.com\/pedrib\/PoC\/master\/advisories\/zyxel_trueonline.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https:\/\/seclists.org\/fulldisclosure\/2017\/Jan\/40","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https:\/\/ssd-disclosure.com\/index.php\/archives\/2910","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https:\/\/unit42.paloaltonetworks.com\/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems\/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory"]}]}}]}