6 matches found
Zyxel zysh Format String Proof Of Concept
!/usr/bin/expect -f raptorzyshfhtagn.exp - zysh format string PoC exploit Copyright c 2022 Marco Ivaldi "We live on a placid island of ignorance in the midst of black seas of infinity, and it was not meant that we should voyage far." -- H. P. Lovecraft, The Call of Cthulhu "Multiple improper inpu...
Zyxel zysh - Format string
!/usr/bin/expect -f raptorzyshfhtagn.exp - zysh format string PoC exploit Copyright c 2022 Marco Ivaldi "We live on a placid island of ignorance in the midst of black seas of infinity, and it was not meant that we should voyage far." -- H. P. Lovecraft, The Call of Cthulhu "Multiple improper inpu...
Zyxel Buffer Overflow / Format String / Command Injection
-- HNS-2022-02 - HN Security Advisory - https://security.humanativaspa.it/ Title: Multiple vulnerabilities in Zyxel zysh Products: Zyxel firewalls, AP controllers, and APs Author: Marco Ivaldi Date: 2022-06-07 CVE Names and Vendor CVSS Scores: CVE-2022-26531:...
Zyxel Issues Patches for 4 New Flaws Affecting AP, API Controller, and Firewall Devices
Zyxel has released patches to address four security flaws affecting its firewall, AP Controller, and AP products to execute arbitrary operating system commands and steal select information. The list of security vulnerabilities is as follows - CVE-2022-0734 - A cross-site scripting XSS...
CVE-2022-26531
Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG...
CVE-2022-26531
CVE-2022-26531 stems from multiple improper input validation flaws in Zyxel devices (USG/ZyWALL, USG FLEX, ATP, VPN, NSG, NXC2500, NAP203, NWA50AX, WAC500, WAX510D) across firmware ranges up to 4.71/5.21/6.x, enabling a local authenticated attacker to trigger a buffer overflow or system crash via...