Unrated severityCISA KEVNVD Advisory· Published May 2, 2019· Updated Oct 21, 2025

CVE-2017-18368

Description

The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page and can be exploited through the remote_host parameter.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.zyxel.com/support/announcement_unauthenticated.shtmlmitrex_refsource_MISC
raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txtmitrex_refsource_MISC
seclists.org/fulldisclosure/2017/Jan/40mitrex_refsource_MISC
ssd-disclosure.com/index.php/archives/2910mitrex_refsource_MISC
unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.075
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000