module
TrueOnline / ZyXEL P660HN-T v1 Router Unauthenticated Command Injection
| Disclosed |
|---|
| Dec 26, 2016 |
Disclosed
Dec 26, 2016
Description
TrueOnline is a major ISP in Thailand, and it distributes a customized version of
the ZyXEL P660HN-T v1 router. This customized version has an unauthenticated command
injection vulnerability in the remote log forwarding page.
This module was tested in an emulated environment, as the author doesn't have access to the
Thai router any more. Any feedback should be sent directly to the module's author, as well as
to the Metasploit project.
There are other language strings in the firmware, so it is likely that this firmware is not only
distributed in Thailand. Other P660HN-T v1 in other countries might be vulnerable too.
the ZyXEL P660HN-T v1 router. This customized version has an unauthenticated command
injection vulnerability in the remote log forwarding page.
This module was tested in an emulated environment, as the author doesn't have access to the
Thai router any more. Any feedback should be sent directly to the module's author, as well as
to the Metasploit project.
There are other language strings in the firmware, so it is likely that this firmware is not only
distributed in Thailand. Other P660HN-T v1 in other countries might be vulnerable too.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.