Exploit for #VU63145 OS Command Injection in ZyXEL Communications Corp. products

Vulnerability identifier: #VU63145

Vulnerability risk: High

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2022-30525

CWE-ID: CWE-78

Exploitation vector: Network

Exploits in database: 15

• February 27, 2024
  • CVE-2022-30525_Exploit (Exploit for CVE-2022-30525) [Github]
• January 22, 2023
  • CVE-2022-30525_check () [Github]
• June 15, 2022
  • Zyxel USG FLEX 5.21 - OS Command Injection [Exploit-DB]
  • CVE-2022-30525 (CVE-2022-30525 POC) [Github]
• May 29, 2022
  • CVE-2022-30525-Zyxel- () [Github]
• May 23, 2022
  • cve-2022-30525 (Initial POC for the CVE-2022-30525) [Github]
• May 19, 2022
  • CVE-2022-30525-Reverse-Shell () [Github]
  • CVE-2022-30525-Reverse-Shell (Simple python script to exploit CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection) [Github]
• May 17, 2022
  • CVE-2022-30525 (CVE-2022-30525（Zxyel 防火墙命令注入）的概念证明漏洞利用) [Github]
• May 16, 2022
  • CVE-2022-30525 (Zyxel 防火墙未经身份验证的远程命令注入) [Github]
  • CVE-2022-30525 (Zyxel 防火墙远程命令注入漏洞（CVE-2022-30525）) [Github]
  • victorian_machinery (Proof of concept exploit for CVE-2022-30525 (Zxyel firewall command injection)) [Github]
  • CVE-2022-30525 (Zyxel 防火墙远程命令注入漏洞（CVE-2022-30525）批量检测脚本) [Github]
  • CVE-2022-30525 (Zyxel Firewall Remote Command Injection Vulnerability (CVE-2022-30525) Batch Detection Script) [Github]
• May 14, 2022
  • Zyxel Firewall ZTP Unauthenticated Command Injection [Metasploit]

Vulnerable software:
USG FLEX 100W
Hardware solutions / Firmware
USG FLEX 200
Hardware solutions / Firmware
USG FLEX 500
Hardware solutions / Firmware
USG FLEX 700
Hardware solutions / Firmware
USG FLEX 50W
Hardware solutions / Firmware
USG20W-VPN
Hardware solutions / Firmware
ATP series
Hardware solutions / Routers for home users
VPN series
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor: ZyXEL Communications Corp.