CVE-2023-28771 PoC — Zyxel ZyWALL USG 操作系统命令注入漏洞

Source

https://github.com/benjaminhays/CVE-2023-28771-PoC

Associated Vulnerability

Title:Zyxel ZyWALL USG 操作系统命令注入漏洞 (CVE-2023-28771)
Description:Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.

Description

PoC for CVE-2023-28771 based on Rapid7's excellent writeup

Readme

# CVE-2023-28771-PoC
PoC for CVE-2023-28771 based on Rapid7's excellent writeup

Requires the scapy Python library for sending IKE packets.

```
usage: CVE-2023-28771-poc.py [-h] [--cmd CMD] [--lhost LHOST] [--lport LPORT] rhost

positional arguments:
  rhost

options:
  -h, --help     show this help message and exit
  --cmd CMD
  --lhost LHOST
  --lport LPORT
```

Either use --cmd to run an arbitrary command, or use --lport and --lhost to spawn a revshell

File Snapshot


 [4.0K]  /data/pocs/61c4a538e94e3d8c52319afa31b22b2503103575
├── [ 934]  CVE-2023-28771-poc.py
├── [ 461]  README.md
└── [   6]  requirements.txt

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!