Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-30525
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
合勤科技 USG FLEX 操作系统命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Zyxel USG FLEX是中国合勤科技(Zyxel)公司的一款防火墙。提供灵活的 VPN 选项(IPsec、SSL 或 L2TP),为远程工作和管理提供灵活的安全远程访问。 合勤科技 USG FLEX 5.00版本至5.21版本、存在安全漏洞。攻击者利用该漏洞修改特定文件,在易受攻击的设备上执行一些操作系统命令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
ZyxelUSG FLEX 100(W) firmware 5.00 through 5.21 Patch 1 -
ZyxelUSG FLEX 200 firmware 5.00 through 5.21 Patch 1 -
ZyxelUSG FLEX 500 firmware 5.00 through 5.21 Patch 1 -
ZyxelUSG FLEX 700 firmware 5.00 through 5.21 Patch 1 -
ZyxelATP series firmware 5.10 through 5.21 Patch 1 -
ZyxelVPN series firmware 4.60 through 5.21 Patch 1 -
ZyxelUSG FLEX 50(W) firmware 5.10 through 5.21 Patch 1 -
ZyxelUSG 20(W)-VPN firmware 5.10 through 5.21 Patch 1 -
II. Public POCs for CVE-2022-30525
#POC DescriptionSource LinkShenlong Link
1Proof of concept exploit for CVE-2022-30525 (Zxyel firewall command injection)https://github.com/jbaines-r7/victorian_machineryPOC Details
2Zyxel 防火墙远程命令注入漏洞(CVE-2022-30525)https://github.com/Henry4E36/CVE-2022-30525POC Details
3Zyxel 防火墙远程命令注入漏洞(CVE-2022-30525)批量检测脚本https://github.com/shuai06/CVE-2022-30525POC Details
4Zyxel 防火墙未经身份验证的远程命令注入https://github.com/savior-only/CVE-2022-30525POC Details
5Zyxel Firewall Remote Command Injection Vulnerability (CVE-2022-30525) Batch Detection Scripthttps://github.com/M4fiaB0y/CVE-2022-30525POC Details
6CVE-2022-30525(Zxyel 防火墙命令注入)的概念证明漏洞利用https://github.com/k0sf/CVE-2022-30525POC Details
7CVE-2022-30525 POC exploithttps://github.com/superzerosec/CVE-2022-30525POC Details
8Simple python script to exploit CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injectionhttps://github.com/Chocapikk/CVE-2022-30525-Reverse-ShellPOC Details
9CVE-2022-30525 Zyxel防火墙命令注入漏洞 POC&EXPhttps://github.com/160Team/CVE-2022-30525POC Details
10Simple python script to exploit CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injectionhttps://github.com/zhefox/CVE-2022-30525-Reverse-ShellPOC Details
11Initial POC for the CVE-2022-30525https://github.com/iveresk/cve-2022-30525POC Details
12CVE-2022-30525 Zyxel 防火墙命令注入漏洞 POC&EXPC https://github.com/west9b/CVE-2022-30525POC Details
13A OS Command Injection Vulnerability in the CGI Program of Zyxelhttps://github.com/furkanzengin/CVE-2022-30525POC Details
14CVE-2022-30525 POChttps://github.com/ProngedFork/CVE-2022-30525POC Details
15Nonehttps://github.com/cbk914/CVE-2022-30525_checkPOC Details
16Exploit for CVE-2022-30525https://github.com/arajsingh-infosec/CVE-2022-30525_ExploitPOC Details
17Simple python script to exploit CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injectionhttps://github.com/5l1v3r1/CVE-2022-30525-Reverse-ShellPOC Details
18An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, are susceptible to a command injection vulnerability which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-30525.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2022-30525
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: USG FLEX 100(W) firmware
Same vendor: Zyxel
Same weakness: CWE-78
V. Comments for CVE-2022-30525

No comments yet

Leave a comment