PT-2017-4255 · Zyxel · Zyxel Emg2926
Trevor Hough
·
Published
2017-04-06
·
Updated
2025-02-04
·
CVE-2017-6884
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Zyxel EMG2926 version V1.00(AAQT.4)b8
Description
A command injection issue was discovered in the diagnostic tools of the Zyxel EMG2926 home router, specifically in the nslookup function. The value supplied to the diagnostic page is passed to the underlying system command without neutralizing shell metacharacters, so a user with access to the web interface (the CVSS vector requires a single authentication, Au:S) can execute arbitrary commands on the router. Several vectors exist; the known one is the ping_ip parameter of the "expert/maintenance/diagnostic/nslookup" URI.
Recommendations
For Zyxel EMG2926 firmware V1.00(AAQT.4)b8, disable the nslookup function in the diagnostic tools as a temporary workaround until patched firmware is available.
Restrict access to the "expert/maintenance/diagnostic/nslookup" URI. Because exploitation needs an authenticated session, replacing default administrator credentials and keeping the management interface off the WAN side reduces the exposure.
Do not use the ping_ip parameter of the affected URI with untrusted input until the issue is resolved. A durable fix must validate the parameter as an IP address or hostname and invoke the lookup without a shell; blacklisting individual characters is not sufficient against OS command injection.
Exploit
Fix
OS Command Injection
Special Elements Injection
Improper Neutralization
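The weakness classes listed above, shown side by side in code. This is an added example, not Zyxel's firmware and not the published exploit: the handler names, the `ping_ip` parameter name reused for illustration, and the sample inputs are all constructed. The vulnerable function splices the parameter into a shell command string; the hardened version validates the value as an IP address or RFC 1123 hostname and builds an argv list so no shell ever sees it.

```python
"""Unsafe nslookup-style diagnostic handler next to a hardened one.

Added example; names (ping_ip, *_nslookup_*) are illustrative, not firmware code.
"""
import ipaddress
import re
import subprocess

# RFC 1123 hostname: labels of 1-63 alphanumerics/hyphens, no leading or
# trailing hyphen.  Nothing a shell treats specially can match this.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^(?:{_LABEL}\.)*{_LABEL}\.?$")

# Characters that give a POSIX shell a second command, a substitution,
# a redirection or extra arguments.
SHELL_META = set(";|&$`()<>{}\n\r\t \"'\\")


def vulnerable_nslookup_command(ping_ip: str) -> str:
    """The injectable pattern: user input spliced into a command line.

    When this string reaches system() or subprocess with shell=True,
    '8.8.8.8; reboot' is executed as two commands.
    """
    return f"nslookup {ping_ip}"


def validate_lookup_target(value: str) -> str:
    """Return a canonical IP address or hostname, or raise ValueError."""
    value = value.strip()
    if not value or len(value) > 253:
        raise ValueError("target empty or too long")
    try:
        # Canonical form; '8.8.8.8; reboot' is not parseable as an address.
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass
    if HOSTNAME_RE.fullmatch(value):
        return value
    raise ValueError(f"not a valid IP address or hostname: {value!r}")


def hardened_nslookup_argv(ping_ip: str) -> list[str]:
    """Validate first, then build an argv list: the shell is never involved.

    The hostname regex also rejects a leading '-', so the value cannot
    be turned into an nslookup option.
    """
    return ["nslookup", validate_lookup_target(ping_ip)]


def run_hardened_nslookup(ping_ip: str, timeout: float = 5.0) -> str:
    """Execute the lookup with exec semantics (shell=False). Not run at import."""
    result = subprocess.run(
        hardened_nslookup_argv(ping_ip),
        capture_output=True, text=True, timeout=timeout, check=False,
    )
    return result.stdout


def looks_like_injection(value: str) -> bool:
    """Cheap triage check for a logged parameter value: any shell metacharacter?"""
    return any(ch in SHELL_META for ch in value)


# Constructed sample values of the kind a diagnostic form might receive,
# mapped to whether the hardened validator should reject them.
SAMPLE_INPUTS = {
    "8.8.8.8": False,
    "router.example": False,
    "8.8.8.8; reboot": True,
    "8.8.8.8 | cat /etc/passwd": True,
    "$(id)": True,
    "`id`": True,
    "-version": True,
}


def classify_samples() -> dict[str, bool]:
    """Return, per sample, whether validate_lookup_target() rejected it."""
    verdicts = {}
    for value in SAMPLE_INPUTS:
        try:
            validate_lookup_target(value)
            verdicts[value] = False
        except ValueError:
            verdicts[value] = True
    return verdicts


if __name__ == "__main__":
    for value, rejected in classify_samples().items():
        print(f"{value!r:30} rejected={rejected!s:5} metachars={looks_like_injection(value)}")
        print("    shell string would be:", vulnerable_nslookup_command(value))
```

The hardened path never tries to escape or strip characters: it accepts only values that are structurally an address or a hostname and hands them to `subprocess` as a separate argument. `looks_like_injection` is a triage aid for web server logs of the affected URI, not a replacement for the validator, since an attacker can choose inputs that use no listed character.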
Related Identifiers
Affected Products
Zyxel Emg2926