CVE-2017-6884

Published: 06/04/2017 Updated: 12/04/2017
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 905
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

A command injection vulnerability exists on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.

Vulnerable Product

zyxel emg2926_firmware v1.00(aaqt.4)b8

Exploits

# Exploit Title: Zyxel, EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection
# Date: 2017-04-02
# Exploit Author: Fluffy Huffy (Trevor Hough)
# Vendor Homepage: www.zyxel.com
# Version: EMG2926 - V1.00(AAQT.4)b8
# Tested on: linux
# CVE : CVE-2017-6884
OS command injection vulnerability was discovered in a commonly used home router (zyxel - EMG2926 ...
Zyxel / EMG2926 versions prior to 1.00(AAQT.4)b8 suffer from an OS command injection vulnerability ...