Unrated severityNVD Advisory· Published May 2, 2019· Updated Aug 5, 2024

CVE-2017-18369

Description

The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the adv_remotelog.asp page and can be exploited through the syslogServerAddr parameter.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txtmitrex_refsource_MISC
seclists.org/fulldisclosure/2017/Jan/40mitrex_refsource_MISC
ssd-disclosure.com/index.php/archives/2910mitrex_refsource_MISC

News mentions

RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits
Trend Micro Research · Oct 9, 2025

cvss	0.000
epss	0.071
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000