CVE-2022-30525

Published: 12/05/2022 Updated: 19/10/2022
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 up to and including 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 up to and including 5.21 Patch 1, ATP series firmware versions 5.10 up to and including 5.21 Patch 1, and VPN series firmware versions 4.60 up to and including 5.21 Patch 1, which could allow a malicious user to modify specific files and then execute OS commands on a vulnerable device.

Vulnerable Products

zyxel usg_flex_100w_firmware
zyxel usg_flex_200_firmware
zyxel usg_flex_500_firmware
zyxel usg_flex_700_firmware
zyxel vpn100_firmware
zyxel vpn1000_firmware
zyxel vpn300_firmware
zyxel vpn50_firmware
zyxel atp100_firmware
zyxel atp100w_firmware
zyxel atp200_firmware
zyxel atp500_firmware
zyxel atp700_firmware
zyxel atp800_firmware
zyxel usg_flex_50w_firmware
zyxel usg20w-vpn_firmware

Exploits

This Metasploit module exploits CVE-2022-30525, an unauthenticated remote command injection vulnerability affecting Zyxel firewalls with zero touch provisioning (ZTP) support. By sending a malicious setWanPortSt command containing an mtu field with a crafted OS command to the /ztp/cgi-bin/handler page, an attacker can gain remote command execution ...
Zyxel USG FLEX version 5.21 suffers from a command injection vulnerability ...
This Metasploit module exploits CVE-2022-30526, a local privilege escalation vulnerability that allows a low privileged user (e.g. nobody) to escalate to root. The issue stems from a suid binary that allows all users to copy files as root. This module overwrites the firewall's crontab to execute an attacker provided script, resulting in code execution ...
This module exploits CVE-2022-30525, an unauthenticated remote command injection vulnerability affecting Zyxel firewalls with zero touch provisioning (ZTP) support. By sending a malicious setWanPortSt command containing an mtu field with a crafted OS command to the /ztp/cgi-bin/handler page, an attacker can g ...

Metasploit Modules

Zyxel Firewall ZTP Unauthenticated Command Injection

This module exploits CVE-2022-30525, an unauthenticated remote command injection vulnerability affecting Zyxel firewalls with zero touch provisioning (ZTP) support. By sending a malicious setWanPortSt command containing an mtu field with a crafted OS command to the /ztp/cgi-bin/handler page, an attacker can gain remote command execution as the nobody user. Affected Zyxel models are:
* USG FLEX 50, 50W, 100W, 200, 500, 700 using firmware 5.21 and below
* USG20-VPN and USG20W-VPN using firmware 5.21 and below
* ATP 100, 200, 500, 700, 800 using firmware 5.21 and below

msf > use exploit/linux/http/zyxel_ztp_rce
msf exploit(zyxel_ztp_rce) > show targets
    ...targets...
msf exploit(zyxel_ztp_rce) > set TARGET < target-id >
msf exploit(zyxel_ztp_rce) > show options
    ...show and set options...
msf exploit(zyxel_ztp_rce) > exploit

Github Repositories

Zyxel Firewall Remote Command Injection Vulnerability (CVE-2022-30525) Batch Detection Script

CVE-2022-30525 Zyxel firewall remote command injection vulnerability (CVE-2022-30525) batch detection script. The script only provides a detection function and contains no actual attack requests; it is intended solely for security testing, and any illegal testing carried out with the script has nothing to do with the author.

Zyxel Firewall Remote Command Injection Vulnerability (CVE-2022-30525) Batch Detection Script

CVE-2022-30525 python CVE-2022-30525-POC.py -u site.com

Zyxel Firewall Unauthenticated Remote Command Injection

CVE-2022-30525 Zyxel firewall unauthenticated remote command injection. Affected versions. Affected components: USG FLEX 100, 100W, 200, 500, 700; USG20-VPN, USG20W-VPN; ATP 100, 200, 500, 700, 800. Firmware versions: ZLD5.00 through ZLD5.21 Patch 1; ZLD5.10 through ZLD5.21 Patch 1; ZLD5.10 through ZLD5.21 Patch 1. update -proxy From github.com/Henry4E36/CVE-2022-30525 ⚠️ Disclaimer: this tool is only

Proof of Concept Exploit for CVE-2022-30525 (Zyxel Firewall Command Injection)

CVE-2022-30525 Zyxel firewall unauthenticated remote command injection vulnerability. Affected components: USG FLEX 100, 100W, 200, 500, 700; USG20-VPN, USG20W-VPN; ATP 100, 200, 500, 700, 800. Firmware versions: ZLD5.00 through ZLD5.21 Patch 1; ZLD5.10 through ZLD5.21 Patch 1; ZLD5.10 through ZLD5.21 Patch help [root@localhost ~]# ./CVE-2022-30525 -h NAME: CVE-2022-30525 - Zyxel Firewall Command Injection (CVE-

An OS Command Injection Vulnerability in the CGI Program of Zyxel

CVE-2022-30525 An OS Command Injection Vulnerability in the CGI Program of Zyxel. Executive Summary: The vulnerability, first discovered on April 13, 2022, caused remote code execution in Zyxel firewall products. This important vulnerability with a CVSS score of 9.8 was blocked with the update released by Zyxel 15 days after it emerged. At least 20800 models were affected in this

Share some archives about IoT exploits.

Awesome-IoT-exp Share some archives about IoT exploits. CVE-2021-36260; NETGEAR_D7000_Authentication_Bypass; TP-Link RCE; CVE-2021-1965 WiFi Zero Click RCE Trigger PoC from github.com/parsdefense/CVE-2021-1965 (Qualcomm Snapdragon platform CVE-2021-1965 WiFi Zero Click RCE Trigger PoC); CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection

Initial POC for the CVE-2022-30525

CVE-2022-30525 by 1vere$k. Rapid7 discovered and reported a vulnerability that affects Zyxel firewalls supporting Zero Touch Provisioning (ZTP), which includes the ATP series, VPN series, and the USG FLEX series (including USG20-VPN and USG20W-VPN). The vulnerability, identified as CVE-2022-30525, allows an unauthenticated and remote attacker to achieve arbitrary code execution

Valhalla finds vulnerable devices on shodan, it can also scan a list of domains to find vulnerabilities.

valhalla Valhalla finds vulnerable devices on shodan; it can also scan a list of domains to find vulnerabilities. INSTALLATION: git clone github.com/gotr00t0day/valhalla.git; cd valhalla; pip3 install -r requirements.txt; chmod +x install.sh; ./install.sh. USAGE

CVE-2022-30525 POC

CVE-2022-30525 (Zyxel Firewall Remote Command Injection) A python based exploit for CVE-2022-30525. Vulnerability Summary (NIST): An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 up to an

CVE-2022-30525 POC exploit

CVE-2022-30525 CVE-2022-30525 POC exploit. Usage: usage: exploit.py [-h] [-t TARGET] [-lhost LOCALHOST] [-lport LOCALPORT] optional arguments: -h, --help show this help message and exit -t TARGET, --target TARGET IP address of the target, e.g.: 127.0.0.1:9443 -lhost LOCALHOST, --localhost LOCALHOST IP address

CVE-2022-30525_check Description: This script checks for the presence of the OS command injection vulnerability (CVE-2022-30525) in Zyxel USG FLEX devices running firmware versions 5.00 through 5.21 Patch 1. The vulnerability allows an attacker to modify specific files and execute OS commands on a vulnerable device. Instructions for use: Ensure that Python 3 is installed on yo

Proof of concept exploit for CVE-2022-30525 (Zyxel firewall command injection)

Victorian Machinery Victorian Machinery is a proof of concept exploit for CVE-2022-30525. The vulnerability is an unauthenticated and remote command injection vulnerability affecting Zyxel firewalls that support zero touch provisioning. Zyxel pushed a fix for this issue on April 28, 2022. The following models are known to be affected: USG FLEX 100, 100W, 200, 500, 700 AT

CVE-2020-5902 CVE-2021-22986 CVE-2022-1388 POC collection

F5-BIG-IP POC, written in Go. CVE-2020-5902, CVE-2021-22986, CVE-2022-1388 POC collection; other F5 POCs will be added later. author: 160teamwest9B. For use only by security researchers with authorization and in compliance with the cybersecurity law; any problems that arise are at your own risk and unrelated to the author. 01 - Basic introduction. F5 POC collection: CVE-2020-5902: F5 BIG-IP remote code execution vulnerability; CVE-2021-22986: F5 BIG-IP iC

Various scripts and exploitation tools

script AV-evasion builds of Fscan and LadonGo: github.com/badboycxcc/script/blob/main/f.zip, github.com/badboycxcc/script/blob/main/Ladon.zip. Fscan M1: github.com/badboycxcc/script/blob/main/fscan, MD5 e80781fdd5c02a07e77498368b426e89, SHASUM c47503324bb9c485abd579e7c2410ae356c374c1. CobaltStrike 4.7 Hash: c1cda82b39fda2f77c811f42a7a55987adf37e06a522ed6f28900d77bbd4409f Do

Zyxel firewall remote command injection vulnerability (CVE-2022-30525)

CVE-2022-30525 Zyxel firewall remote command injection vulnerability (CVE-2022-30525). Optional Arguments: -h, --help show this help message and exit -u url, --url url Target url e.g.:"127.0.0.1" -f file, --file file Targets in file e.g.:"ip.txt" Use: python3 CVE-2022-30525.py -u 127.0.0.1; python3 CVE-2022-30525.py -f ip.txt. Link wwwhen

Exploit for CVE-2022-30525

CVE-2022-30525 (Zyxel Firewall Remote Command Injection) A python based exploit for CVE-2022-30525. Vulnerability Summary (NIST): An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 up to a

CVE-2022-30525 Zyxel firewall command injection vulnerability POC&EXP

CVE-2022-30525 Zyxel firewall command injection vulnerability. CVE-2022-30525 POC&EXP. author: 160teamwest9B. For use only by security researchers with authorization and in compliance with the cybersecurity law; any problems that arise are at your own risk and unrelated to the author. 01 - Basic introduction. On May 12, 2022, Zyxel released a security advisory fixing an unauthenticated remote comm