CVE-2021-35029 – Authentication Bypass & RCE in Zyxel USG devices

Analysis of a preauth command injection

This article explains the process of identifying and exploiting a known flaw on Zyxel USG devices, taking into consideration the following CVE:

  • CVE-2021-35029 – Authentication bypass & remote code execution, spotted in the wild in July 2021.

An authentication bypass vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device. – CVE Mitre.

Currently, there is no published exploit available for this vulnerability, so we decided to delay publishing this blog post.

Furthermore, this blog post aims to show how to find such a vulnerability in two different ways:

  • With the standard approach, by diffing patched and unpatched firmware versions.
  • With Joern, a valuable tool for vulnerability discovery and research in static program analysis.


Posted by SH
