CVE-2022-30525
Description
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.
Severity: CRITICAL
CVE ID: CVE-2022-30525
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2022-30525
Refrence: Project Discovery GitHub
jbaines-r7
Proof of concept exploit for CVE-2022-30525 (Zxyel firewall command injection)
Refrence: GitHub
Henry4E36
Zyxel 防火墙远程命令注入漏洞(CVE-2022-30525)
Refrence: GitHub
shuai06
Zyxel 防火墙远程命令注入漏洞(CVE-2022-30525)批量检测脚本
Refrence: GitHub
savior-only
Zyxel 防火墙未经身份验证的远程命令注入
Refrence: GitHub
M4fiaB0y
Zyxel Firewall Remote Command Injection Vulnerability (CVE-2022-30525) Batch Detection Script
Refrence: GitHub
k0sf
CVE-2022-30525(Zxyel 防火墙命令注入)的概念证明漏洞利用
Refrence: GitHub
superzerosec
CVE-2022-30525 POC exploit
Refrence: GitHub
Chocapikk
Simple python script to exploit CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection
Refrence: GitHub
160Team
CVE-2022-30525 Zyxel防火墙命令注入漏洞 POC&EXP
Refrence: GitHub
zhefox
Simple python script to exploit CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection
Refrence: GitHub
iveresk
Initial POC for the CVE-2022-30525
Refrence: GitHub
west9b
CVE-2022-30525 Zyxel 防火墙命令注入漏洞 POC&EXPC
Refrence: GitHub
furkanzengin
A OS Command Injection Vulnerability in the CGI Program of Zyxel
Refrence: GitHub
ProngedFork
CVE-2022-30525 POC
Refrence: GitHub
cbk914
Refrence: GitHub
arajsingh-infosec
Exploit for CVE-2022-30525
Refrence: GitHub
Content on GitHub
W01fh4cker | watchers:1133
Serein
【懒人神器】一款图形化、批量采集url、批量对采集的url进行各种nday检测的工具。可用于src挖掘、cnvd挖掘、0day利用、打造自己的武器库等场景。可以批量利用Actively Exploited Atlassian Confluence 0Day CVE-2022-26134和DedeCMS v5.7.87 SQL注入 CVE-2022-23337。
Refrence: GitHub
peiqiF4ck | watchers:157
WebFrameworkTools-5.1-main
本软件首先集成危害性较大框架和部分主流cms的rce(无需登录,或者登录绕过执行rce)和反序列化(利用链简单)。傻瓜式导入url即可实现批量getshell。批量自 动化测试。例如:Thinkphp,Struts2,weblogic。出现的最新漏洞进行实时跟踪并且更新例如:log4jRCE,向日葵 禅道RCE 瑞友天翼应用虚拟化系统sql注入导致RCE大华智慧园区上传,金蝶云星空漏洞等等.
Refrence: GitHub