漏洞描述
ZYXELVMG1312-B10D是一款由ZyXEL公司生产的网络设备,它是一款DSL路由器。该设备支持多种DSL技术,如ADSL、ADSL2+和VDSL等,并具有高速数据传输速率。此外,它还提供了一系列网络管理和安全功能,如防火墙、VPN和无线接入等。该路由器易受未经身份验证的本地包含(包括/etc/shadow等特权文件)的攻击。攻击者可以使用此端点读取系统上的所有文件。
ZYXEL VMG1312-B10D存在未经身份验证的本地包含漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2018-19326: Zyxel VMG1312-B10D 5.13AAXA.8 - Local File Inclusion
- POC CVE-2019-12581: Zyxel ZyWal/USG/UAG Devices - Cross-Site Scripting
- POC CVE-2019-12583: Zyxel ZyWall UAG/USG - Account Creation Access
- POC CVE-2019-9955: Zyxel - Cross-Site Scripting
- POC CVE-2020-29583: ZyXel USG - Hardcoded Credentials
- POC CVE-2020-9054: Zyxel NAS Firmware 5.21- Remote Code Execution
- POC CVE-2021-3297: Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass
- POC CVE-2021-46387: Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting
- POC CVE-2022-0342: Zyxel - Authentication Bypass
- POC CVE-2022-30525: Zyxel Firewall - OS Command Injection
- POC CVE-2024-29972: Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - NsaRescueAngel Backdoor Account
- POC CVE-2024-29973: Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - Command Injection
- POC CVE-2021-3297: Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass