This script checks for the presence of the OS command injection vulnerability (CVE-2022-30525) in Zyxel USG FLEX devices running firmware versions 5.00 through 5.21 Patch 1. The vulnerability allows an attacker to modify specific files and execute OS commands on a vulnerable device.
Instructions for use:
- Ensure that Python 3 is installed on your system
- Download the script and save it to your local machine
- Open a command prompt or terminal window and navigate to the directory where the script is saved
- Run the script with the following command: "python CVE-2022-30525.py -t [TARGET_URL]"
- Replace [TARGET_URL] with the URL of the Zyxel USG FLEX device you wish to check
- The script will check the device for the vulnerability and print the result to the console.
- Make sure the device is reachable and you have the correct URL
Script will check for the vulnerability by sending a specific request with headers, it will check if the request get a 200 status code and if the headers contain a specific string, if not it will be considered safe.