Showing 1 - 3 of 3

CVE-2022-30525

Status Candidate

Overview

A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.

Related Files

Zyxel USG FLEX 5.21 Command Injection: Posted Jun 3, 2022; Authored by Valentin Lobstein; Zyxel USG FLEX version 5.21 suffers from a command injection vulnerability.; tags | exploit; advisories | CVE-2022-30525; SHA-256 | d241a3c90061a120559caf280f0fe2fd049d9b836481bf51a1841e3861dfdf0a; Download | Favorite | View

Zyxel Firewall ZTP Unauthenticated Command Injection: Posted May 16, 2022; Authored by jbaines-r7 | Site metasploit.com; This Metasploit module exploits CVE-2022-30525, an unauthenticated remote command injection vulnerability affecting Zyxel firewalls with zero touch provisioning (ZTP) support. By sending a malicious setWanPortSt command containing an mtu field with a crafted OS command to the /ztp/cgi-bin/handler page, an attacker can gain remote command execution as the nobody user. Affected Zyxel models are USG FLEX 50, 50W, 100W, 200, 500, 700 using firmware 5.21 and below, USG20-VPN and USG20W-VPN using firmware 5.21 and below, and ATP 100, 200, 500, 700, 800 using firmware 5.21 and below.; tags | exploit, remote, cgi; advisories | CVE-2022-30525; SHA-256 | ab9073cd14f8ea730621aa93b69a0d03cb5f9d8e92dbc88068fca19ff77f6fab; Download | Favorite | View

Zyxel Remote Command Execution: Posted May 16, 2022; Authored by jbaines-r7 | Site github.com; Victorian Machinery is a proof of concept exploit for CVE-2022-30525. The vulnerability is an unauthenticated and remote command injection vulnerability affecting Zyxel firewall's that support zero touch provisioning. Zyxel pushed a fix for this issue on April 28, 2022. Multiple models are affected.; tags | exploit, remote, proof of concept; advisories | CVE-2022-30525; SHA-256 | d85780bb5daa2abd4c685fc1f2bd14ad0bfe7fbd9a5a6a99b45f1efcddb6a0bf; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 236 files
Ubuntu 90 files
Gentoo 31 files
Debian 23 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Amit Roy 4 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,077)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,339)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,263)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,651)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

CVE-2022-30525

Overview

Related Files

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems