re: Zyxel VPN Series Pre-auth Remote Command Execution - Blog - VulnCheck
Tags
attack-pattern: | Data Models Firmware - T1592.003 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006 |
Common Information
Type | Value |
---|---|
UUID | 44a49e31-970c-4ade-9614-493266b521e2 |
Fingerprint | 2440b151e822e7c5 |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Feb. 21, 2024, midnight |
Added to db | Aug. 31, 2024, 8:53 a.m. |
Last updated | Dec. 22, 2024, 1:39 p.m. |
Headline | re: Zyxel VPN Series Pre-auth Remote Command Execution |
Title | re: Zyxel VPN Series Pre-auth Remote Command Execution - Blog - VulnCheck |
Detected Hints/Tags/Attributes | 42/1/9 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Source | https://vulncheck.com/blog/zyxel-cve-2023-33012 |
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 261 | ✔ | VulnCheck Blog | https://vulncheck.com/feed/blog/atom.xml | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | CVE | 3 | cve-2023-33012 |
|
Details | Domain | 1 | dumpztplog.py |
|
Details | File | 1 | parse_config.py |
|
Details | File | 1 | sdwan_interface.log |
|
Details | File | 1 | dumpztplog.py |
|
Details | File | 1 | zld_product_spec.js |
|
Details | IPv4 | 6 | 10.12.70.252 |
|
Details | IPv4 | 1576 | 127.0.0.1 |
|
Details | Yara rule | 1 | rule Zyxel_CVE_2023_33012 { meta: description = "Zyxel ZTP Config Parser Exploit Attempt" path_pattern = "/ztp/cgi-bin/dumpztplog.py" strings: $vti = "proto=vti" $gre = "proto=gre" $tmp = "/tmp/" $qsr = ".qsr" condition: all of them } |