Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ZYXEL_ROUTER_CVE-2017-6884.NASL
HistoryNov 09, 2023 - 12:00 a.m.

Zyxel Router Command Injection Vulnerability (CVE-2017-6884)

2023-11-0900:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6
zyxel
router
command injection
vulnerability
cve-2017-6884
nslookup function
diagnostic tools
authenticated
remote attacker
arbitrary commands

8.1 High

AI Score

Confidence

Low

JSON

According to its model number and firmware revision, the remote Zyxel Router is affected by a command injection vulnerability within nslookup funciton of the diagnostic tools. An authenticated, remote attacker can exploit this, via various crafted HTTP commands, to execute arbitrary commands.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#

include('compat.inc');

if (description)
{
  script_id(185418);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/09");

  script_cve_id("CVE-2017-6884");
  script_xref(name:"EDB-ID", value:"41782");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/10/09");

  script_name(english:"Zyxel Router Command Injection Vulnerability (CVE-2017-6884)");

  script_set_attribute(attribute:"synopsis", value:
"The remote router is affected by a command injection vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its model number and firmware revision, the remote Zyxel Router is affected by a command injection
vulnerability within nslookup funciton of the diagnostic tools. An authenticated, remote attacker can exploit this, via
various crafted HTTP commands, to execute arbitrary commands.");
  # https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerability-in-emg2926-q10a-ethernet-cpe
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2b6a48e7");
  script_set_attribute(attribute:"solution", value:
"Contact vendor for remediation instructions.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-6884");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/04/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/09");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/h:zyxel");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("zyxel_router_detect_getbasicinfo.nbin");
  script_require_keys("www/zyxel_router");
  script_require_ports("Services/www", 80, 443);

  exit(0);
}

include('http.inc');
include('vcf_extras.inc');

var app_info = vcf::zyxel_router::get_app_info();

var constraints = [{
  'models'        : make_list('EMG2926-Q10A'),
  'equal'         : vcf::zyxel_router::transform_ver(firmware:'V1.00(AAQT.4)b8'),
  'fixed_display' : 'See Vendor Advisory'
}];

vcf::zyxel_router::check_version_and_report(
    app_info    : app_info,
    constraints : constraints,
    severity    : SECURITY_HOLE
);
VendorProductVersionCPE
zyxelx-cpe:/h:zyxel

Related

attackerkb 1
exploitpack 1
checkpoint_advisories 1
zdt 1
packetstorm 1
prion 1
cisa_kev 1
cve 1
exploitdb 1
threatpost 1
thn 1
attackerkb
attackerkb
CVE-2017-6884
2017-04-06 00:00:00
exploitpack
exploitpack
Zyxel_ EMG2926 V1.00(AAQT.4)b8 - OS Command Injection
2017-04-02 00:00:00
checkpoint_advisories
checkpoint_advisories
Zyxel EMG2926 Router OS Command Injection (CVE-2017-6884)
2018-08-16 00:00:00
zdt
zdt
Zyxel EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection Vulnerability
2017-04-03 00:00:00
packetstorm
packetstorm
Zyxel / EMG2926 Command Injection
2017-04-02 00:00:00
prion
prion
Command injection
2017-04-06 17:59:00
cisa_kev
cisa_kev
Zyxel EMG2926 Routers Command Injection Vulnerability
2023-09-18 00:00:00
cve
cve
CVE-2017-6884
2017-04-06 17:59:00
exploitdb
exploitdb
Zyxel, EMG2926 &lt; V1.00(AAQT.4)b8 - OS Command Injection
2017-04-02 00:00:00
threatpost
threatpost
Mirai, Gafgyt Botnets Return to Target Infamous Apache Struts, SonicWall Flaws
2018-09-10 14:23:09
thn
thn
Trend Micro Releases Urgent Fix for Actively Exploited Critical Security Vulnerability
2023-09-20 05:28:00

8.1 High

AI Score

Confidence

Low

JSON
Related for ZYXEL_ROUTER_CVE-2017-6884.NASL
attackerkb1exploitpack1checkpoint_advisories1zdt1packetstorm1prion1cisa_kev1cve1exploitdb1threatpost1thn1