Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-29973 PoC — Zyxel NAS326和Zyxel NAS542 操作系统命令注入漏洞

Source
https://github.com/RevoltSecurities/CVE-2024-29973
Associated Vulnerability
Title:Zyxel NAS326和Zyxel NAS542 操作系统命令注入漏洞 (CVE-2024-29973)
Description:Zyxel NAS542和Zyxel NAS326都是中国合勤(Zyxel)公司的产品。Zyxel NAS542是一款NAS(网络附加存储)设备。Zyxel NAS326是一款云存储 NAS。 Zyxel NAS326 V5.21(AAZF.17)C0之前版本、NAS542 V5.21(ABAG.14)C0之前版本存在操作系统命令注入漏洞,该漏洞源于setCookie参数中存在命令注入漏洞,从而导致攻击者可通过HTTP POST请求来执行某些操作系统 (OS) 命令。
Description
Exploiter a Vulnerability detection and Exploitation tool for CVE-2024-29973 with Asychronous Performance.
Readme
# CVE-2024-29973
Exploiter a Vulnerability detection and Exploitation tool for CVE-2024-29973 with Asychronous Performance.

### Installation:
```bash
git clone https://github.com/RevoltSecurities/CVE-2024-29973
pip install -r requirements.txt
python3 exploit.py --help
```

### Usage:
```yaml
python3 exploit.py  -h                                               


    ______     ____  __         _ ______         
   / ____/  __/ __ \/ /  ____  (_)_  __/__  _____
  / __/ | |/_/ /_/ / /  / __ \/ / / / / _ \/ ___/
 / /____>  </ ____/ /__/ /_/ / / / / /  __/ /    
/_____/_/|_/_/   /_____|____/_/ /_/  \___/_/     
  
                    @RevoltSecurities

[Description]: Vulnerability Detection and Exploitation tool for CVE-2024-29973

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     [INF]: Specify a URL or domain for vulnerability detection
  -l LIST, --list LIST  [INF]: Specify a list of URLs for vulnerability detection
  -t THREADS, --threads THREADS
                        [INF]: Number of threads for list of URLs
  -proxy PROXY, --proxy PROXY
                        [INF]: Proxy URL to send request via your proxy
  -v, --verbose         [INF]: Increases verbosity of output in console
  -o OUTPUT, --output OUTPUT
                        [INF]: Filename to save output of vulnerable target]
```


### About :

The tool is Developed by [D.Sanjai Kumar @RevoltSecurities](https://www.linkedin.com/in/d-sanjai-kumar-109a7227b/) to detect and exploit the Vulnerability Command Injection CVE-2024-249973, The tool is only for education and ethical purpose only and 
Developers are not responsible for any illegal exploitations.
File Snapshot

 [4.0K]  /data/pocs/37bf2f8e61b96db818a8945f4d2625b514ecec2c
├── [6.6K]  exploit.py
├── [1.6K]  README.md
└── [  92]  requirements.txt

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.