Zyxel Armor X1 Model:WAP6806 - Directory Traversal

2020.06.30
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-22

# Exploit Title: Zyxel Armor X1 Model:WAP6806 - Directory Traversal # Date: 2020-06-19 # Exploit Author: Rajivarnan R - Cyberarch Consulting OÜ (Cyberarch.eu) # Vendor Homepage: https://www.zyxel.com/ # Software [http://www.zyxelguard.com/WAP6806.asp] # Version: [V1.00(ABAL.6)C0] # CVE-ID: 2020-14461 # Tested on: Linux Mint / Windows 10 # Vulnerabilities Discovered Date : 2020/06/19 [YYYY/MM/DD] # As a result of the research, one vulnerability identified. (Directory Traversal) # Technical information is provided below step by step. # [1] - Directory Traversal Vulnerability # Vulnerable Parameter Type: GET # Vulnerable Parameter: TARGET/Zyxel/images/eaZy/] # Proof of Concepts: https://TARGET/Zyxel/images/eaZy/

References:

https://nvd.nist.gov/vuln/detail/CVE-2020-14461


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top