Broadband DSL modems manufactured by Zyxel and distributed by some European ISPs are vulnerable to a command injection vulnerability when setting the ‘NewNTPServer’ value using the TR-64 SOAP-based configuration protocol. In the tested case, no authentication is required to set this value on affected DSL modems. This exploit was originally tested on firmware versions up to 2.00(AADU.5)_20150909.