Vulnerability Details CVE-2017-6884
A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.907
EPSS Ranking 99.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
Proposed Action
Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.
Ransomware Campaign
Known
Products affected by CVE-2017-6884
-
cpe:2.3:h:zyxel:emg2926:-
-
cpe:2.3:o:zyxel:emg2926_firmware:v1.00(aaqt.4)b8