Zyxel Armor X1 Model:WAP6806 - Directory Traversal

2020.06.30

Rajivarnan R (EE)

Risk: Medium

Local: No

Remote: Yes

CVE: cve 2020-14461

CWE: CWE-22

# Exploit Title: Zyxel Armor X1 Model:WAP6806 - Directory Traversal
# Date: 2020-06-19
# Exploit Author: Rajivarnan R - Cyberarch Consulting OÜ (Cyberarch.eu)
# Vendor Homepage: https://www.zyxel.com/
# Software [http://www.zyxelguard.com/WAP6806.asp]
# Version: [V1.00(ABAL.6)C0]
# CVE-ID: 2020-14461
# Tested on: Linux Mint / Windows 10
# Vulnerabilities Discovered Date : 2020/06/19 [YYYY/MM/DD]
# As a result of the research, one vulnerability identified. (Directory Traversal)
# Technical information is provided below step by step.
# [1] - Directory Traversal Vulnerability
# Vulnerable Parameter Type: GET
# Vulnerable Parameter: TARGET/Zyxel/images/eaZy/]
# Proof of Concepts:
https://TARGET/Zyxel/images/eaZy/

Referencje:

https://nvd.nist.gov/vuln/detail/CVE-2020-14461

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Zyxel Armor X1 Model:WAP6806 - Directory Traversal

Referencje:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.