mirror of https://github.com/qwqdanchun/Goby.git
{
"Name": "Zyxel ZTP RCE (CVE-2022-30525)",
"Description": "<p>Several Zyxel firewalls, including the ATP series, VPN series, and USG FLEX series, are affected by an OS command injection vulnerability (CVE-2022-30525).<br></p><p>An unauthenticated remote attacker could execute arbitrary code on the affected device as the user nobody, taking control of the device.<br></p>",
"Product": "Zyxel",
"Homepage": "https://www.zyxel.com/",
"DisclosureDate": "2022-05-12",
"Author": "abszse",
"FofaQuery": "title=\"USG FLEX\" || title=\"USG20-VPN\" || title=\"USG20W-VPN\" || title=\"ATP100\" || title=\"ATP200\" || title=\"ATP500\"title=\"ATP700\" || title=\"ATP800\"",
"GobyQuery": "title=\"USG FLEX\" || title=\"USG20-VPN\" || title=\"USG20W-VPN\" || title=\"ATP100\" || title=\"ATP200\" || title=\"ATP500\"title=\"ATP700\" || title=\"ATP800\"",
"Level": "3",
"Impact": "<p>An unauthenticated remote attacker could execute arbitrary code on the affected device as the user nobody, taking control of the server.<br></p>",
"Recommendation": "<p>The vendor has released patches for this vulnerability. Apply them promptly, following the vendor advisory: <a href=\"https://www.zyxel.com/support/Zyxel-security-advisory-for-OS-command-injection-vulnerability-of-firewalls.shtml\">https://www.zyxel.com/support/Zyxel-security-advisory-for-OS-command-injection-vulnerability-of-firewalls.shtml</a><br></p>",
"References": [
"https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/?utm_source=dlvr.it&utm_medium=twitter"
],
"Is0day": false,
"HasExp": true,
"ExpParams": [
{
"name": "AttackType",
"type": "select",
"value": "goby_shell_linux",
"show": ""
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": []
}
],
"Tags": [
"Command Execution"
],
"VulType": [
"Command Execution"
],
"CVEIDs": [
"CVE-2022-30525"
],
"CNNVD": [
""
],
"CNVD": [
""
],
"CVSSScore": "9.8",
"Translation": {
"CN": {
"Name": "Zyxel ZTP 远程命令执行漏洞(CVE-2022-30525)",
"Product": "Zyxel",
"Description": "<p>Zyxel ATP 系列、VPN 系列和 USG FLEX 系列等多款防火墙存在安全漏洞。<br></p><p>未经身份验证的远程攻击者以nobody的用户身份在受影响设备上执行任意代码,控制服务器。<br></p>",
"Recommendation": "<p>目前厂商已发布补丁,请及时关注链接:<a href=\"https://www.zyxel.com/support/Zyxel-security-advisory-for-OS-command-injection-vulnerability-of-firewalls.shtml\">https://www.zyxel.com/support/Zyxel-security-advisory-for-OS-command-injection-vulnerability-of-firewalls.shtml</a><br></p>",
"Impact": "<p>未经身份验证的远程攻击者以nobody的用户身份在受影响设备上执行任意代码,控制服务器。<br></p>",
"VulType": [
"命令执行"
],
"Tags": [
"命令执行"
]
},
"EN": {
"Name": "Zyxel ZTP RCE (CVE-2022-30525)",
"Product": "Zyxel",
"Description": "<p>Several Zyxel firewalls, including the ATP series, VPN series, and USG FLEX series, are affected by an OS command injection vulnerability (CVE-2022-30525).<br></p><p>An unauthenticated remote attacker could execute arbitrary code on the affected device as the user nobody, taking control of the device.<br></p>",
"Recommendation": "<p>The vendor has released patches for this vulnerability. Apply them promptly, following the vendor advisory: <a href=\"https://www.zyxel.com/support/Zyxel-security-advisory-for-OS-command-injection-vulnerability-of-firewalls.shtml\">https://www.zyxel.com/support/Zyxel-security-advisory-for-OS-command-injection-vulnerability-of-firewalls.shtml</a><br></p>",
"Impact": "<p>An unauthenticated remote attacker could execute arbitrary code on the affected device as the user nobody, taking control of the server.<br></p>",
"VulType": [
"Command Execution"
],
"Tags": [
"Command Execution"
]
}
},
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}