Unrated severityCISA KEVNVD Advisory· Published May 2, 2019· Updated Oct 21, 2025
CVE-2017-18368
CVE-2017-18368
Description
The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page and can be exploited through the remote_host parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31
Patches
Vulnerability mechanics
References
5- www.zyxel.com/support/announcement_unauthenticated.shtmlmitrex_refsource_MISC
- raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txtmitrex_refsource_MISC
- seclists.org/fulldisclosure/2017/Jan/40mitrex_refsource_MISC
- ssd-disclosure.com/index.php/archives/2910mitrex_refsource_MISC
- unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/mitrex_refsource_MISC
News mentions
1- RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning ExploitsTrend Micro Research · Oct 9, 2025