Threat actors exploit the critical vulnerability affecting Zyxel’s firewall and VPN devices.

The vulnerability allows attackers to inject arbitrary commands remotely without authentication. Zyxel has recently released patches for it. The vulnerability, tracked as CVE-2022-30525, is rated “critical” with a CVSS score of 9.8. It allows threat actors to gain full access to corporate networks and devices. In an article published on Rapid7, researchers also shared a technical analysis of the details of the exploit.

Threat actors are closely watching vulnerability trends and your public-facing services and technologies to find a backdoor. Use SOCRadar for vulnerability intelligence and see which vulnerabilities are leveraged by threat actors.

Allows Attackers to Create a “Reverse Shell”

According to cybersecurity researchers, attackers who exploit the vulnerability can execute commands as the “nobody” user. The vulnerability is exploited via the /ztp/cgi-bin/handler URI, with the injected commands passed to os.system in lib_wan_settings.py. With this method, cyber attackers can create a reverse shell using the normal bash GTFOBin.

Which Zyxel Products Does the Vulnerability Affect?

Zyxel shared the affected products and patches with its users in its security advisory.

Rapid7 researchers announced that their Shodan scan for vulnerable Zyxel products detected close to 17,000 devices connected to the internet.

Shodan search results for vulnerable Zyxel devices.
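Because exploitation goes through the /ztp/cgi-bin/handler URI, requests to that path from outside the networks used to manage the device are worth reviewing. The following is an added example, not code from Rapid7, Zyxel or the original article: it flags such requests in a web access log. The "combined" log format, the management network 10.20.0.0/24 and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import unquote

ZTP_HANDLER = "/ztp/cgi-bin/handler"  # URI named in the article
# Assumption: the device is only ever managed from these networks.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Assumption: access logs are in Apache/nginx "combined" format.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
10.20.0.5 - - [13/May/2022:09:01:11 +0000] "POST /ztp/cgi-bin/handler HTTP/1.1" 200 64 "-" "ztp-client"
198.51.100.23 - - [13/May/2022:09:14:02 +0000] "POST /ztp/cgi-bin/handler HTTP/1.1" 200 0 "-" "python-requests/2.27"
198.51.100.23 - - [13/May/2022:09:14:09 +0000] "POST /ztp/cgi-bin//handler?x=1 HTTP/1.1" 503 0 "-" "python-requests/2.27"
203.0.113.77 - - [13/May/2022:10:40:51 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
this line is malformed and must be skipped
"""

def is_mgmt(src):
    """True only if src parses as an IP inside an allowlisted network."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(ip in net for net in MGMT_NETS)

def normalize(target):
    """Drop the query string, percent-decode, collapse repeated slashes."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path)

def suspicious_hits(log_text):
    """Return (src, timestamp, method, status) for handler requests from outside MGMT_NETS."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than crash
        if normalize(m["target"]) == ZTP_HANDLER and not is_mgmt(m["src"]):
            hits.append((m["src"], m["ts"], m["method"], m["status"]))
    return hits

def hits_by_source(hits):
    """Count flagged requests per source address for triage."""
    return Counter(src for src, *_ in hits)

if __name__ == "__main__":
    for hit in suspicious_hits(SAMPLE_LOG):
        print(*hit)
```

Access logs normally do not record request bodies, so a hit here marks a request to investigate rather than proof of command injection.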