Zyxel CVE for OS level command injection

Could be interesting to get OS access, or for flashing.

I wasn't however able to find a description of the exploit, got a FWA510 I would like to try it on ...

@bmork you wouldn't happen to know anything about this ?

affected devices:
NR5103
NR5103Ev2
NR5307
NR7103
NR7302
NR7303
NR7501
Nebula FWA510
Nebula FWA710
Nebula FWA505
Nebula LTE3301-PLUS
+other

More here

yeah, had already found it, but no info on how to (ab)use it ...

I don't know anything. Without a published exploit I guess it's hard to do anything.

But had to look at an old copy I had here. Certainly an interesting library. If strings like status code == CG_HTTP_STATUS_UNAUTHIRUZED ( also happen to be in the code, then it's no surprise if there are exploitable bugs :slight_smile:

2 Likes

no worries, I'm sure it'll pop up, eventually ...