re: Zyxel VPN Series Pre-auth Remote Command Execution - Blog - VulnCheck
Common Information
Type Value
UUID 44a49e31-970c-4ade-9614-493266b521e2
Fingerprint 2440b151e822e7c5
Analysis status DONE
Considered CTI value 0
Text language
Published Feb. 21, 2024, midnight
Added to db Aug. 31, 2024, 8:53 a.m.
Last updated Dec. 22, 2024, 1:39 p.m.
Headline re: Zyxel VPN Series Pre-auth Remote Command Execution
Title re: Zyxel VPN Series Pre-auth Remote Command Execution - Blog - VulnCheck
Detected Hints/Tags/Attributes 42/1/9
RSS Feed
Id Enabled Feed title Url Added to db
261 VulnCheck Blog https://vulncheck.com/feed/blog/atom.xml 2024-08-30 22:08
Attributes
Type #Events CTI Value
CVE 3
cve-2023-33012
Domain 1
dumpztplog.py
File 1
parse_config.py
File 1
sdwan_interface.log
File 1
dumpztplog.py
File 1
zld_product_spec.js
IPv4 6
10.12.70.252
IPv4 1576
127.0.0.1
Yara rule 1
rule Zyxel_CVE_2023_33012 {
	meta:
		description = "Zyxel ZTP Config Parser Exploit Attempt"
		path_pattern = "/ztp/cgi-bin/dumpztplog.py"
	strings:
		$vti = "proto=vti"
		$gre = "proto=gre"
		$tmp = "/tmp/"
		$qsr = ".qsr"
	condition:
		all of them
}