CVE-2017-18368

Name of the Vulnerable Software and Affected Versions ZyXEL P660HN-T1A versions $7.3.15.0 v001 / 3.40(ULM.0)b31

Description The issue is related to a command injection vulnerability in the Remote System Log forwarding function of the ZyXEL P660HN-T1A router. This vulnerability is accessible through the remote host parameter in the "ViewLog.asp" page and can be exploited by an unauthenticated user. The Gafgyt botnet is actively exploiting this weakness, resulting in compromised routers. Around 10 related attacks per day are being carried out against the "ViewLog.asp" page.

Recommendations For version $7.3.15.0 v001 / 3.40(ULM.0)b31, consider replacing the device as soon as possible since it is end-of-life. As a temporary workaround, restrict access to the "ViewLog.asp" page to minimize the risk of exploitation. Avoid using the remote host parameter in the affected API endpoint until the issue is resolved.