Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-30525 PoC — 合勤科技 USG FLEX 操作系统命令注入漏洞

Source
https://github.com/5l1v3r1/CVE-2022-30525-Reverse-Shell
Associated Vulnerability
Title:合勤科技 USG FLEX 操作系统命令注入漏洞 (CVE-2022-30525)
Description:Zyxel USG FLEX是中国合勤科技(Zyxel)公司的一款防火墙。提供灵活的 VPN 选项(IPsec、SSL 或 L2TP),为远程工作和管理提供灵活的安全远程访问。 合勤科技 USG FLEX 5.00版本至5.21版本、存在安全漏洞。攻击者利用该漏洞修改特定文件,在易受攻击的设备上执行一些操作系统命令。
Description
Simple python script to exploit CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection
File Snapshot

 [4.0K]  /data/pocs/2cfbfaf7daa62273e8cd4c1bfda621a7b7c915d0
├── [ 406]  banner
├── [3.0K]  CVE-2022-30525.py
└── [  17]  requirements.txt

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.