rainpwn.blog

    Exploit Arsenal

    Custom exploitation tools and proof-of-concept codes for discovered vulnerabilities.

    5
    Total Exploits
    1
    Languages

    ZYXEL ZLD 5.40: 2FA Authentication Bypass

    CVE-2025-9133
    High
    Python
    Authentication Bypass

    This exploit allow an attacker to bypass 2FA and view device configuration.

    Last updated: --

    ZYXEL ZLD 5.40: Remote Code Execution via CLI Command Injection

    CVE-2025-8078
    High
    Python
    Remote Code Execution

    This exploit allow an attacker to perform RCE remotely due to improper input sanitization of the "web-auth" command.

    Last updated: --

    ZYXEL uOS 1.21: WebGUI Privilege Escalation

    CVE-2024-9677
    High
    Python
    Privilege Escalation

    This exploit allows an attacker to escalate Web GUI privileges by stealing an authenticated admin's session token.

    Last updated: --

    ZYXEL uOS 1.31: Authenticated Remote Code Execution

    CVE-2025-1731
    High
    Python
    Remote Code Execution

    This exploit allow an attacker to gain remote code execution exploiting a no-auth postgresql service via ssh-tunnel

    Last updated: --

    ZYXEL uOS 1.31: WebGUI Privilege Escalation via stealed token

    CVE-2025-1731
    High
    Python
    Privilege Escalation

    This exploit allow an attacker to perform a WebGUI Privilege Escalation using stealed token via Remote Command Execution as postgres user.

    Last updated: --