CVE-2022-30525 PoC — 合勤科技 USG FLEX 操作系统命令注入漏洞

Source

https://github.com/zhefox/CVE-2022-30525-Reverse-Shell

Associated Vulnerability

Title:合勤科技 USG FLEX 操作系统命令注入漏洞 (CVE-2022-30525)
Description:Zyxel USG FLEX是中国合勤科技（Zyxel）公司的一款防火墙。提供灵活的 VPN 选项（IPsec、SSL 或 L2TP），为远程工作和管理提供灵活的安全远程访问。合勤科技 USG FLEX 5.00版本至5.21版本、存在安全漏洞。攻击者利用该漏洞修改特定文件，在易受攻击的设备上执行一些操作系统命令。

Description

Simple python script to exploit CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection

File Snapshot


 None

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!