Exploit Arsenal
Custom exploitation tools and proof-of-concept codes for discovered vulnerabilities.
ZYXEL ZLD 5.41 Remote Code Execution via DDNS profile command injection.
This exploit allows a remote attacker to achieve remote code execution (RCE) due to improper input sanitization in the DDNS profile configuration command on ZYXEL ATP and USG series devices.
ZYXEL ZLD 5.40: 2FA Authentication Bypass
This exploit allow an attacker to bypass 2FA and view device configuration.
ZYXEL ZLD 5.40: Remote Code Execution via CLI Command Injection
This exploit allow an attacker to perform RCE remotely due to improper input sanitization of the "web-auth" command.
ZYXEL uOS 1.21: WebGUI Privilege Escalation
This exploit allows an attacker to escalate Web GUI privileges by stealing an authenticated admin's session token.
ZYXEL uOS 1.31: Authenticated Remote Code Execution
This exploit allow an attacker to gain remote code execution exploiting a no-auth postgresql service via ssh-tunnel
ZYXEL uOS 1.31: WebGUI Privilege Escalation via stealed token
This exploit allow an attacker to perform a WebGUI Privilege Escalation using stealed token via Remote Command Execution as postgres user.