4 matches found
Zyxel Chained Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'socket' require 'digest/md5' class MetasploitModule 'Zyxel chained RCE using LFI and weak password derivation algorithm', 'Description' = %q This module exploit...
CVE-2023-28770
creationtimestamp| type| source ---|---|--- 2023-04-27 12:39:20+00:00| seen| https://t.me/cibsecurity/62965 2023-05-10 10:06:35+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/zyxellfiunauthsshrce.rb 2023-05-11 18:05:50+00:00|...
CVE-2023-28770
The sensitive information exposure vulnerability in the CGI “ExportLog” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17ABYO.1C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file...
CVE-2023-28770
CVE-2023-28770 affects Zyxel DX5401-B0 firmware prior to V5.17(ABYO.1)C0. The issue arises from sensitive information exposure via CGI Export_Log and the zcmd binary, allowing a remote unauthenticated attacker to read system files and retrieve the supervisor password from an encrypted file. Publi...