PT-2019-8307 · Billion · Billion 5200W-T
Pedro Ribeiro · Published 2019-05-02 · Updated 2019-10-03
CVE-2017-18372
CVSS v2.0: 9.0 (High)
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Billion 5200W-T TCLinux Fw version 7.3.8.0 v008 130603
Description
The issue is a command injection vulnerability in the Time Setting function of the Billion 5200W-T TCLinux Fw router. The vulnerability is located in the tools time.asp page and can be exploited through the uiViewSNTPServer parameter. Access to this function requires authentication.
Recommendations
For Billion 5200W-T TCLinux Fw version 7.3.8.0 v008 130603, as a temporary workaround, consider restricting access to the tools time.asp page and avoid using the uiViewSNTPServer parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Billion 5200W-T
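As an added example for the workaround in the Recommendations above (not code from the advisory or from the vendor): a strict allowlist check for the uiViewSNTPServer value, of the kind a filtering proxy in front of the management interface could apply. It assumes the form body is URL-encoded; the function names and sample values are hypothetical.

```python
import ipaddress
import re
from urllib.parse import parse_qs

PARAM = "uiViewSNTPServer"  # parameter named in the advisory

# Only characters that can occur in a hostname or an IP literal.
# Checked first so that shell metacharacters, whitespace and IPv6
# zone suffixes ("%...") never reach the parsers below.
_CHARSET = re.compile(r"[A-Za-z0-9.:-]+")
# One DNS label: 1-63 chars, alphanumeric at both ends.
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def is_valid_sntp_server(value: str) -> bool:
    """Accept only an IP literal or a plain DNS hostname."""
    if len(value) > 253 or not _CHARSET.fullmatch(value):
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    return all(_LABEL.fullmatch(label) for label in value.split("."))


def check_form_body(body: str) -> tuple[bool, str]:
    """Return (allow, reason) for a URL-encoded form body."""
    fields = parse_qs(body, keep_blank_values=True)
    values = fields.get(PARAM, [])
    if not values:
        return True, "parameter absent"
    if len(values) > 1:
        # A repeated parameter can be read differently by filter and device.
        return False, "parameter repeated"
    if not is_valid_sntp_server(values[0]):
        return False, "value is not a hostname or IP address"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample bodies, not captured traffic.
    for sample in ("uiViewSNTPServer=time.example.net",
                   "uiViewSNTPServer=time.example.net%3Bx"):
        print(sample, "->", check_form_body(sample))
```
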