CVE-2017-6884

A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.
References
Link Resource
https://www.exploit-db.com/exploits/41782/ Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zyxel:emg2926_firmware:v1.00\(aaqt.4\)b8:*:*:*:*:*:*:*
cpe:2.3:h:zyxel:emg2926:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-04-06 17:59

Updated : 2024-02-28 15:44


NVD link : CVE-2017-6884

Mitre link : CVE-2017-6884

CVE.ORG link : CVE-2017-6884


JSON object : View

Products Affected

zyxel

  • emg2926
  • emg2926_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')