TrueOnline.ZyXEL.P660HN.V1.Unauthenticated.Command.Injection

Description

This indicates an attack attempt against a Code Injection vulnerability in the ZyXEL P660HN-T router.
The vulnerability is due to an error when the vulnerable software handles a maliciously crafted HTTP request. A remote attacker may be able to exploit this to execute arbitrary code on the affected systems.

Outbreak Alert

A command injection vulnerability allows remote attackers to easily exploit CWP (Control Web Panel) with a crafted HTTP request, which can result in Remote Code Execution. According to Shodan, there are thousands of servers that could still be vulnerable to CVE-2022-44877. This vulnerability can be leveraged to perform ransomware attacks or data exfiltration.

Affected Products

ZyXEL P660HN-T v1

Impact

System Compromise: A remote attacker can gain control of vulnerable systems.

Recommended Actions

Currently we are unaware of any vendor-supplied patch for this issue.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date        Version  Detail
2022-04-26  20.304   Sig Added
2020-05-19  15.846   Sig Added