支持本站 — 捐款将帮助我们持续运营

目标: 1000 元,已筹: 1000

100.0%
立即捐款
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2020-9054 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
ZyXEL NAS products running firmware version 5.21 and earlier are vulnerable to pre-authentication command injection in weblogin.cgi
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
多款ZyXEL产品 操作系统命令注入漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Zyxel NAS520是中国合勤(Zyxel)公司的一款NAS(网络附加存储)设备。 多款ZyXEL产品存在操作系统命令注入漏洞。远程攻击者可借助特制的HTTP POST或GET请求利用该漏洞执行任意代码。以下产品及版本受到影响:使用V5.21(AAZF.7)C0之前版本固件的NAS326;使用V5.21(AASZ.3)C0之前版本固件的NAS520;使用V5.21(AATB.4)C0之前版本固件的NAS540;使用V5.21(ABAG.4)C0之前版本固件的NAS542;ZyXEL NSA210;Zy
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
厂商产品影响版本CPE订阅
ZyXELNAS326 V5.21(AAZF.7)C0 ~ V5.21(AAZF.7)C0 -
ZyXELNAS520 V5.21(AASZ.3)C0 ~ V5.21(AASZ.3)C0 -
ZyXELNAS540 V5.21(AATB.4)C0 ~ V5.21(AATB.4)C0 -
ZyXELNAS542 V5.21(ABAG.4)C0 ~ V5.21(ABAG.4)C0 -
ZyXELNSA210 all -
ZyXELNSA220 all -
ZyXELNSA220+ all -
ZyXELNSA221 all -
ZyXELNSA310 V4.75(AALH.2)C0 ~ V4.75(AALH.2)C0 -
ZyXELNSA320 all -
ZyXELNSA320S V4.75(AANV.2)C0 ~ V4.75(AANV.2)C0 -
ZyXELNSA325 V4.81(AAAJ.1)C0 ~ V4.81(AAAJ.1)C0 -
ZyXELNSA325v2 V4.81(AALS.1)C0 ~ V4.81(AALS.1)C0 -
二、漏洞 CVE-2020-9054 的公开POC
#POC 描述源链接神龙链接
1CVE-2020-9054 PoC for Zyxelhttps://github.com/darrenmartyn/CVE-2020-9054POC详情
2Multiple Zyxel network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. Zyxel NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the Zyxel device. Although the web server does not run as the root user, Zyyxel devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable Zyyxel device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any Zyyxel device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 Zyyxel has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-9054.yamlPOC详情
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC
三、漏洞 CVE-2020-9054 的情报信息
Please 登录 to view more intelligence information
四、漏洞 CVE-2020-9054 的评论

暂无评论

发表评论