theinfosecnews
theinfosecnews
Subscribe to Daily Digest

CVE-2017-6884

CISA KEV

Published September 18, 2023 · Updated April 3, 2026

high
Official Description+

Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.

Affected Products

VendorProduct
ZyxelEMG2926 Routers

Patch Status

Patch by 2023-10-09

Recommended Actions

  1. Check if your systems use any of the affected products listed above.
  2. Apply vendor patches immediately if available.
  3. This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
  4. Monitor vendor advisories for updates and additional mitigations.
  5. Review logs for indicators of compromise related to CVE-2017-6884.