CVE-2017-18373
The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username user3 and and a long password consisting of a repetition of the string 0123456789. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes.
Published
2019-05-02T17:29:01.363
Last Modified
2024-11-21T03:19:57.680
Status
Modified
Source
[email protected]
Severity
CVSSv3.0: 8.8 (HIGH)
CVSSv2 Vector
AV:N/AC:L/Au:S/C:C/I:C/A:C
- Access Vector: NETWORK
- Access Complexity: LOW
- Authentication: SINGLE
- Confidentiality Impact: COMPLETE
- Integrity Impact: COMPLETE
- Availability Impact: COMPLETE
Exploitability Score
8.0
Impact Score
10.0
Weaknesses
Affected Vendors & Products
References
-
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt
Exploit, Third Party Advisory
([email protected])
-
https://seclists.org/fulldisclosure/2017/Jan/40
Exploit, Mailing List, Third Party Advisory
([email protected])
-
https://ssd-disclosure.com/index.php/archives/2910
Exploit, Technical Description, Third Party Advisory
([email protected])
-
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt
Exploit, Third Party Advisory
(af854a3a-2127-422b-91ae-364da2661108)
-
https://seclists.org/fulldisclosure/2017/Jan/40
Exploit, Mailing List, Third Party Advisory
(af854a3a-2127-422b-91ae-364da2661108)
-
https://ssd-disclosure.com/index.php/archives/2910
Exploit, Technical Description, Third Party Advisory
(af854a3a-2127-422b-91ae-364da2661108)