The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username user3 and and a long password consisting of a repetition of the string 0123456789. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes.
References
Link | Resource |
---|---|
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt | Exploit Third Party Advisory |
https://seclists.org/fulldisclosure/2017/Jan/40 | Mailing List Exploit Third Party Advisory |
https://ssd-disclosure.com/index.php/archives/2910 | Exploit Technical Description Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-05-02T16:15:34
Updated: 2019-05-02T16:15:34
Reserved: 2019-05-02T00:00:00
Link: CVE-2017-18373
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-05-02T17:29:01.363
Modified: 2019-05-03T18:53:00.227
Link: CVE-2017-18373
JSON object: View
Redhat Information
No data.
CWE