How severe is CVE-2017-18374?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2017-18374?

This is classified as CWE-798, which is a common weakness in software security.

CVE-2017-18374 - HIGH Severity | CVSS 8.8

Vulnerability Description

The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the username true and password true. These accounts can be used to login to the web interface, exploit authenticated command injections and change router settings for malicious purposes.

Related Vulnerabilities

CVE-2016-9495

HIGH

CVSS:8.8(High)

Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, uses hard coded credentials. Access to the device's default telnet port (23) can be obtained through using one of ...

CWE-7982016

CVE-2017-18373

HIGH

CVSS:8.8(High)

The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username tru...

CWE-7982017

CVE-2017-2280

HIGH

CVSS:8.8(High)

WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.

CWE-7982017

CVE-2017-9488

HIGH

CVSS:8.8(High)

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to access the...

CWE-7982017

CVE-2018-0663

HIGH

CVSS:8.8(High)

Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials whi...

CWE-7982018

CVE-2018-10532

HIGH

CVSS:8.8(High)

An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 devices. Hardcoded root SSH credentials were discovered to be stored within the "core_app" binary utilised by the EE router for netwo...

CWE-7982018