Lucene search
K

6 matches found

Rapid7 Blog
Rapid7 Blog
added 2024/07/05 4:50 p.m.28 views

Metasploit Weekly Wrap-Up 07/05/2024

I still like to MOVEit MOVEit This week, our very own sfewer-r7 added a new exploit module that leverages an authentication bypass vulnerability in the MOVEit Transfer SFTP service CVE-2024-5806. It is possible to authenticate to the SFTP service as any user as long as a valid username is known a...

9.1CVSS9.5AI score0.75812EPSS
Exploits5
Packet Storm
Packet Storm
added 2024/07/04 12:0 a.m.358 views

Zyxel parse_config.py Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zyxel parseconfig.py Command Injection', 'Description' = %q This module exploits vulnerabilities in multiple Zyxel devices including the VPN, USG...

8.8CVSS7.1AI score0.1014EPSS
Exploits2
Circl
Circl
added 2024/02/21 7:32 p.m.10 views

CVE-2023-33012

creationtimestamp| type| source ---|---|--- 2024-02-21 19:32:40+00:00| published-proof-of-concept| https://t.me/thebugbountyhunter/8376 2024-07-03 18:47:21+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/zyxelparseconfigrce.rb 2025-02-06...

8.8CVSS8.1AI score0.1014EPSS
Exploits2References2
NVD
NVD
added 2023/07/17 6:15 p.m.40 views

CVE-2023-33012

A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50W series firmware versions 5.10 through 5.36 Patch 2, USG20W-VPN series firmware versions 5.10...

8.8CVSS0.1014EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/07/17 5:23 p.m.43 views

CVE-2023-33012

A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50W series firmware versions 5.10 through 5.36 Patch 2, USG20W-VPN series firmware versions 5.10...

8.8CVSS9.2AI score0.1014EPSS
Exploits2References1
CVE
CVE
added 2023/07/17 5:23 p.m.70 views

CVE-2023-33012

CVE-2023-33012 is a command-injection vulnerability in the configuration parser of Zyxel devices (ATP, USG FLEX/50(W), USG20(W)-VPN, VPN series). The root cause is a flaw in parsing GRE configurations when cloud management mode is enabled, allowing an unauthenticated, LAN-based attacker to execut...

8.8CVSS8.9AI score0.1014EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder