COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2017-6884

CVE-2017-6884

Severity
critical · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2023-09-18
Reference
https://nvd.nist.gov/vuln/detail/CVE-2017-6884
⚡ RCE ⌖ exploited in the wild shame 95/100 ransomwarerceexploited-in-wild

Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the ping_ip parameter to the expert/maintenance/

Players implicated

Zyxel · vendorEMG2926 Routers · product

Description

Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.