Zyxel P660HN-T1A Routers Command Injection Vulnerability - 20230808001

Overview

The WA SOC has noted that the ZyXEL P660HN-T1A router, a legacy product with end-of-life support distributed by TrueOnline has a command injection vulnerability (running as root) in their web interface, which can be exploited by an unauthenticated attacker remotely.

What is the vulnerability?

CVE-2017-18368 - CVSS v3 Base Score: 9.8

What is vulnerable?

The vulnerability affects the following products:

• ZyXEL P660HN-T1A hardware revision v1, TrueOnline firmware version 340ULM0b31, other firmware versions might be affected

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month (refer Patch Management):

• Zyxel Security Advisory
• Zyxel Support

Additional References

• Zyxel Github Content
• CISA