CVE-2017-6884

A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.
References
Link Resource
https://www.exploit-db.com/exploits/41782/ Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/41782/ Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zyxel:emg2926_firmware:v1.00\(aaqt.4\)b8:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:emg2926:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:30

Type Values Removed Values Added
References () https://www.exploit-db.com/exploits/41782/ - Exploit, Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/41782/ - Exploit, Third Party Advisory, VDB Entry

Information

Published : 2017-04-06 17:59

Updated : 2024-11-21 03:30


NVD link : CVE-2017-6884

Mitre link : CVE-2017-6884

CVE.ORG link : CVE-2017-6884


JSON object : View

Products Affected

zyxel

  • emg2926
  • emg2926_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')