PT-2019-8308 · Billion · Billion 5200W-T

Pedro Ribeiro · Published 2019-05-02 · Updated 2019-05-03 · CVE-2017-18373

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Billion 5200W-T TCLinux Fw version $7.3.8.0 v008 130603

Description

The issue concerns default passwords for three user accounts, including two hardcoded service accounts. One account has the username true and password true, and another has the username user3 with a long password consisting of a repetition of the string 0123456789. These accounts can be used to log in to the web interface, allowing for authenticated command injections and changes to router settings for malicious purposes.

Recommendations

For Billion 5200W-T TCLinux Fw version $7.3.8.0 v008 130603, change the default passwords of the true and user3 accounts to secure passwords to prevent unauthorized access. As a temporary workaround, consider restricting access to the web interface until the default passwords are changed.

Exploit

Fix

Using Hardcoded Credentials


Weakness Enumeration

Related Identifiers

CVE-2017-18373

Affected Products

Billion 5200W-T