module
Zyxel Unauthenticated LAN Remote Code Execution
Disclosed | Created |
---|---|
2022-02-01 | 2023-03-21 |
Description
This module exploits a buffer overflow in the zhttpd binary (/bin/zhttpd). It is present on more than 40 Zyxel routers and CPE devices.
The code execution vulnerability can only be exploited by an attacker if the zhttp webserver is reachable.
No authentication is required. After exploitation, an attacker will be able to execute any command
as root, including downloading and executing a binary from another host.
Authors
Steffen Robertz s.robertz@sec-consult.com
Gerhard Hechenberger g.hechenberger@sec-consult.com
Thomas Weber t.weber@sec-consult.com
Stefan Viehboeck v.viehboeck@sec-consult.com
SEC Consult Vulnerability Lab
Platform
Linux
Architectures
armle
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
