当前位置:网站首页>Cve-2022-30525 vulnerability recurrence
Cve-2022-30525 vulnerability recurrence
2022-06-09 02:08:00 【First step】
This article is only for study , It is strictly forbidden to use it for illegal purposes , Otherwise, we will be responsible for the consequences .
CVE-2022-30525
Vulnerability profile
2022 year 5 month 12 Japan ,Zyxel( Heqin ) Issue safety bulletins , Fixed the unauthenticated remote command injection vulnerability in its firewall device (CVE-2022-30525), Of the vulnerability CVSS The score is 9.8.
The flaw lies in some Zyxel Firewall version CGI In the program , Allow unauthenticated on affected devices nobody Execute arbitrary command as user .
At present, the details of the vulnerability have been publicly disclosed , And accordingly Metasploit The module has been released , Successful use can realize file modification and operating system command execution , To gain initial access to the network and realize horizontal movement to the internal system .
Holes affect
| Affected models | Affected firmware version | Patch version |
|---|---|---|
| USG FLEX 100(W)、200、500、700 | ZLD V5.00 -ZLD V5.21 Patch 1 | ZLD V5.30 |
| USG FLEX 50(W) / USG20(W)-VPN | ZLD V5.10 - ZLD V5.21 Patch 1 | ZLD V5.30 |
| ATP series | ZLD V5.10 - ZLD V5.21 Patch 1 | ZLD V5.30 |
| VPN series | ZLD V4.60 - ZLD V5.21 Patch 1 | ZLD V5.30 |
Bug repair
at present Zyxel This vulnerability has been fixed ÿ
边栏推荐
- 马上消费:打击征信修复不遗余力,乱象根治呼唤社会合力
- Lvs+keepalived high availability
- How can golang set its own gopath and import the definition file normally
- Mp4 structure
- 【Unity在Inspector面板修改值时销毁物体或组件】
- Assignment of C language programming practice
- Shell evaluation file / directory status
- Live short video app development
- [FBCTF2019]RCEService
- Security analysis and demonstration of contract private data leakage
猜你喜欢
得物技术埋点自动化验证的探索和最佳实践
Intel accélère la transformation intellectuelle du nuage
Read the log + regularize and extract the desired content + write the script to csv/xlsx
Implementation of UESTC daily report based on Selenium
Former Disney executive says Depp will return to pirates of the Caribbean to continue playing Captain
Explication détaillée du nombre de points flottants (une étude approfondie du nombre de points flottants)
二叉树链式结构
MySQL starts the binlog log to recover the erroneously deleted tables, data and MySQL database
年轻人“新宠”冷泡茶:能否开启下一个“立顿时代”?
【刷穿剑指】剑指 Offer II 003. 前 n 个数字二进制中 1 的个数
随机推荐
Live short video app development
shell 菱形图案
After apple and Samsung both reduced their prices by more than 1000 yuan, domestic mobile phones were unable to sit still and sold off at reduced prices
C language library management system
Diffusion model最近在圖像生成領域大紅大紫,如何看待它的風頭開始超過GAN?
二叉树链式结构
Assignment of C language programming practice
【Q&A】时间敏感网络-802.1AS中的时间同步机制
win10 重命名用户文件夹
Shell subtraction
How Bi makes SaaS products have a "sense of security" and "sensitivity" (Part I)
[MVC idea in unity -- using MVC to make UI logic]
双检锁为什么需要使用volatile关键字
Flv structure description
How Bi makes SaaS products have a "sense of security" and "sensitivity" (Part I)
Diffusion model has been very popular in the field of image generation recently. How do you think its popularity has begun to surpass Gan?
[unity destroys objects or components when the inspector panel modifies values]
Number theory -- simple sieve method, Ehrlich sieve method and linear sieve method
C language campus supermarket management system
C语言疫苗预约管理系统