mirror of
https://github.com/0xMarcio/cve.git
synced 2025-12-16 20:27:21 +00:00
20 lines
1.1 KiB
Markdown
20 lines
1.1 KiB
Markdown
|
### [CVE-2017-18373](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18373)
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
### Description
|
||
|
|
|
||
|
|
The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username user3 and and a long password consisting of a repetition of the string 0123456789. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes.
|
||
|
|
|
||
|
|
### POC
|
||
|
|
|
||
|
|
#### Reference
|
||
|
|
- https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt
|
||
|
|
- https://seclists.org/fulldisclosure/2017/Jan/40
|
||
|
|
- https://ssd-disclosure.com/index.php/archives/2910
|
||
|
|
|
||
|
|
#### Github
|
||
|
|
No PoCs found on GitHub currently.
|
||
|
|
|