CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Aug 28, 2023

CVE-2017-18368

High

EPSS 93.7%CISA KEV

Zyxel/P660HN-T1A Routers

Description

Zyxel P660HN-T1A routers contain a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user and exploited via the remote_host parameter of the ViewLog.asp page.

EPSS — Exploit Probability

93.7%

Higher than 99.8% of all CVEs

Required Action

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-a-new-variant-of-gafgyt-malware; https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerability-in-p660hn-t1a-dsl-cpe; https://nvd.nist.gov/vuln/detail/CVE-2017-18368

Risk Assessment

HIGH

In CISA KEV

High EPSS

Details

Severity: High
EPSS: 93.7%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Aug 7, 2023

Added to KEV

Aug 7, 2023

Remediation Due

Aug 28, 2023

Affected Product

Zyxel

P660HN-T1A Routers

View all Zyxel CVEs

External Links

NVD (NIST)CVE Details MITRE CVE