CVE-2017-18369
published 2019-05-02


Priority: P1 87, critical; CVSS 3.0 base score 9.8
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheck KEV: exploited in the wild (in-the-wild exploit)
EPSS: 67.64% (99.2nd percentile)
The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the adv_remotelog.asp page and can be exploited through the syslogServerAddr parameter.

Affected (1 range)

Vendor    Product            Version range    Fixed in
billion   5200w-t_firmware   (not given)      (not given)

Detection & IOCs (extracted from sources)

path: /adv_remotelog.asp
parameter: syslogServerAddr
url: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/trueonline_billion_5200w_rce.rb
  • Monitor HTTP requests targeting /adv_remotelog.asp whose syslogServerAddr parameter, after URL decoding, contains shell metacharacters or anything other than a hostname or IP address, especially from unauthenticated sessions.
  • Prioritize the unauthenticated command injection vector in detection; the exploit module attempts the unauthenticated injection first and falls back to an authenticated variant.
  • Scope detection broadly to Billion 5200W-T devices beyond Thailand; the firmware may be distributed in other countries under different ISPs.
  • The Metasploit module was tested only in an emulated environment, not on physical hardware; exploit reliability on real devices is unconfirmed.
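The first detection bullet above says what to look for; the Python below, added here as an illustration and not code from the original page, the Metasploit module, or the vendor, runs that check over constructed access-log lines. The path /adv_remotelog.asp and the parameter name syslogServerAddr come from the advisory; the log format, the sample lines, the client addresses and the set of metacharacters are assumptions for the example. It decodes the value repeatedly so that double-encoded separators are still caught, checks both the query string and a form body, and ignores metacharacters on unrelated pages.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

TARGET_PATH = "/adv_remotelog.asp"      # from the advisory
TARGET_PARAM = "syslogServerAddr"       # from the advisory

# Characters that let a value break out of a syslog server address and into a
# shell command line. A legitimate value is a hostname or IP address and never
# contains any of these. The set is an assumption for this example.
SHELL_META = re.compile(r"[;&|`$(){}<>\r\n'\"\\]")

# Common/combined access-log format (assumed): client, timestamp, request line, status.
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so a double-encoded %253B still becomes ';'."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_values(params):
    """Return decoded syslogServerAddr values that contain shell metacharacters."""
    hits = []
    for key, values in params.items():
        if key.lower() != TARGET_PARAM.lower():
            continue
        for raw in values:
            decoded = fully_decode(raw)
            if SHELL_META.search(decoded):
                hits.append(decoded)
    return hits


def check_request(method, target, body=""):
    """Inspect one HTTP request; return a finding dict or None.

    The parameter may arrive in the query string (GET) or the form body (POST),
    so both are examined. parse_qs strips one layer of percent-encoding and
    fully_decode removes any further layers.
    """
    url = urlsplit(target)
    if url.path != TARGET_PATH:
        return None
    params = parse_qs(url.query, keep_blank_values=True)
    if body:
        for k, v in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(k, []).extend(v)
    hits = suspicious_values(params)
    if not hits:
        return None
    return {"method": method, "path": url.path, "values": hits}


def scan_access_log(text):
    """Run check_request over access-log lines; one finding per matching line."""
    findings = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        finding = check_request(m["method"], m["target"])
        if finding:
            finding["client"] = m["client"]
            finding["time"] = m["ts"]
            findings.append(finding)
    return findings


# Constructed sample lines (not captured traffic): a benign configuration
# request, one with an encoded ';' in syslogServerAddr, one double-encoded,
# and one with a metacharacter on an unrelated page that must not alert.
SAMPLE_LOG = """\
10.0.0.5 - - [02/May/2019:10:00:01 +0700] "GET /adv_remotelog.asp?syslogServerAddr=192.168.1.10&syslogEnable=1 HTTP/1.1" 200 512
10.0.0.7 - - [02/May/2019:10:00:03 +0700] "GET /adv_remotelog.asp?syslogServerAddr=192.168.1.10%3Bid HTTP/1.1" 200 512
10.0.0.7 - - [02/May/2019:10:00:04 +0700] "GET /adv_remotelog.asp?syslogServerAddr=1.2.3.4%253Bid HTTP/1.1" 200 512
10.0.0.9 - - [02/May/2019:10:00:05 +0700] "GET /index.asp?q=%3Bls HTTP/1.1" 200 100
"""

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

Access logs do not record POST bodies, so for the authenticated POST variant the same check_request function should be fed from a reverse proxy, WAF, or packet capture that can supply the form body.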

CVSS provenance

Source      Version   Score   Severity   Vector
NVD         v3.0      9.8     CRITICAL   CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD         v2.0      10.0    CRITICAL   AV:N/AC:L/Au:N/C:C/I:C/A:C
VulnCheck             9.8     CRITICAL