Zyxel Armor X1 WAP6806 Directory Traversal

2020.07.15

Credit: Rajivarnan R

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-22

# Exploit Title: Zyxel Armor X1 WAP6806 - Directory Traversal
# Date: 2020-06-19
# Exploit Author: Rajivarnan R
# Vendor Homepage: https://www.zyxel.com/
# Software [http://www.zyxelguard.com/WAP6806.asp]
# Version: [V1.00(ABAL.6)C0]
# CVE: 2020-14461
# Tested on: Linux Mint / Windows 10
# Vulnerabilities Discovered Date : 2020/06/19 [YYYY/MM/DD]
# As a result of the research, one vulnerability identified.
# (Directory Traversal)
# Technical information is provided below step by step.
# [1] - Directory Traversal Vulnerability
# Vulnerable Parameter Type: GET
# Vulnerable Parameter: TARGET/Zyxel/images/eaZy/]
# Proof of Concepts:https://TARGET/Zyxel/images/eaZy/
<https://target/Zyxel/images/eaZy/>

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Zyxel Armor X1 WAP6806 Directory Traversal

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.