关联漏洞
标题:
合勤科技 USG FLEX 操作系统命令注入漏洞
(CVE-2022-30525)
描述:Zyxel USG FLEX是中国合勤科技(Zyxel)公司的一款防火墙。提供灵活的 VPN 选项(IPsec、SSL 或 L2TP),为远程工作和管理提供灵活的安全远程访问。 合勤科技 USG FLEX 5.00版本至5.21版本、存在安全漏洞。攻击者利用该漏洞修改特定文件,在易受攻击的设备上执行一些操作系统命令。
描述
CVE-2022-30525 POC
介绍
## CVE-2022-30525 (Zyxel Firewall Remote Command Injection)
A python based exploit for CVE-2022-30525
### Vulnerability Summary ([NIST](https://nvd.nist.gov/vuln/detail/CVE-2022-30525))
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 up to and including 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 up to and including 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 up to and including 5.21 Patch 1, ATP series firmware versions 5.10 up to and including 5.21 Patch 1, VPN series firmware versions 4.60 up to and including 5.21 Patch 1, which could allow an malicious user to modify specific files and then execute some OS commands on a vulnerable device.
### Severity and Metrics:
CVSS | Base Score | Impact Score | Exploitability Score |
-|-|-|-|
v2 | 10 | 10 | 10|
v3 | 9.8 | 5.9 | 3.9|
### Vulnerable Products
Product |
-|
zyxel usg_flex_100w_firmware |
zyxel usg_flex_200_firmware |
zyxel usg_flex_500_firmware |
zyxel usg_flex_700_firmware |
zyxel vpn100_firmware |
zyxel vpn1000_firmware |
zyxel vpn300_firmware |
zyxel vpn50_firmware |
zyxel atp100_firmware |
zyxel atp100w_firmware |
zyxel atp200_firmware |
zyxel atp500_firmware |
zyxel atp700_firmware |
zyxel atp800_firmware |
zyxel usg_flex_50w_firmware |
zyxel usg20w-vpn_firmware |
文件快照
[4.0K] /data/pocs/00323781a57a17abbb675851874ae2cfb18eac83
├── [2.7K] CVE-2022-30525.py
└── [1.5K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。