PT-2023-7789 · Zyxel · Zyxel Usg Flex Series +4
Name of the Vulnerable Software and Affected Versions: Zyxel ATP series versions 4.32 through 5.35; Zyxel USG FLEX series versions 4.50 through 5.35; Zyxel USG FLEX 50W versions 4.16 through 5.35; Zyxel USG20W-VPN versions 4.16 through 5.35; Zyxel VPN series versions 4.30 through 5.35. Description: Th...
Zyxel Firewall SUID Binary Privilege Escalation
This module exploits CVE-2022-30526, a local privilege escalation vulnerability that allows a low-privileged user (e.g. nobody) to escalate to root. The issue stems from a suid binary that allows all users to copy files as root. This module overwrites the firewall's crontab to execute an attacker...
Zyxel Firewall SUID Binary Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zyxel Firewall SUID Binary Privilege Escalation', 'Description' = %q This module exploits CVE-2022-30526, a local privilege escalation...
Exploit for OS Command Injection in Zyxel Usg_Flex_100W_Firmware
CVE-2022-30525 Zyxel Firewall Command Injection Vulnerability...
Zyxel Gateway / Access Point External DNS Request Vulnerability
Some Zyxel Access Points are prone to an information disclosure vulnerability where external DNS requests can be made. This VT has been deprecated and replaced by various device specific VTs. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced...
CVE-2019-9955
Zyxel devices including ATP200/ATP500/ATP800, USG and ZyWALL series (e.g., USG20-VPN/USG1100/USG1900/ZyWALL 110/310) are affected by CVE-2019-9955. The vulnerability is a reflected Cross-Site Scripting flaw on the security firewall login page caused by the unsanitized mp_idx parameter in weblogin.cg...