漏洞描述
某些Zyxel防火墙和AP控制器中存在一个硬编码的后门账号,账号密码为zyfwp/PrOw!aN_fXp或存在弱口令账号,使用该帐号旨在通过FTP向连接的访问点提供自动固件更新。在具体的利用场景中可以通过该漏洞来植入后门程序,建议使用该产品的用户尽快升级漏洞修复的版本。
zyxel <=4.60硬编码账号或弱口令漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2018-19326: Zyxel VMG1312-B10D 5.13AAXA.8 - Local File Inclusion
- POC CVE-2019-12581: Zyxel ZyWal/USG/UAG Devices - Cross-Site Scripting
- POC CVE-2019-12583: Zyxel ZyWall UAG/USG - Account Creation Access
- POC CVE-2019-9955: Zyxel - Cross-Site Scripting
- POC CVE-2020-29583: ZyXel USG - Hardcoded Credentials
- POC CVE-2020-9054: Zyxel NAS Firmware 5.21- Remote Code Execution
- POC CVE-2021-3297: Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass
- POC CVE-2021-46387: Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting
- POC CVE-2022-0342: Zyxel - Authentication Bypass
- POC CVE-2022-30525: Zyxel Firewall - OS Command Injection
- POC CVE-2024-29972: Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - NsaRescueAngel Backdoor Account
- POC CVE-2024-29973: Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - Command Injection
- POC CVE-2021-3297: Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass