Zyxel P660HN-T1A Routers Command Injection Vulnerability
Zyxel — P660HN-T1A Routers
- Added to KEV catalog
- 7 August 2023
- Federal remediation due date
- 28 August 2023
- Weakness classification (CWE)
- CWE-78
CISA Description
Zyxel P660HN-T1A routers contain a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user and exploited via the remote_host parameter of the ViewLog.asp page.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-a-new-variant-of-gafgyt-malware; https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerability-in-p660hn-t1a-dsl-cpe; https://nvd.nist.gov/vuln/detail/CVE-2017-18368
More Zyxel Vulnerabilities
Zyxel DSL CPE OS Command Injection Vulnerability
Zyxel DSL CPE OS Command Injection Vulnerability
Zyxel Multiple Firewalls Path Traversal Vulnerability
Zyxel EMG2926 Routers Command Injection Vulnerability
Zyxel Multiple NAS Devices Command Injection Vulnerability
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services