By kannthu
This module is designed to detect a misconfiguration in ZyXEL USG devices with ZTP (Zero Touch Provisioning) support. It specifically targets devices that have not applied the CVE-2023-28771 patch. The severity of this misconfiguration is high.
If the misconfiguration is detected, an attacker can exploit it to gain unauthorized access to the ZyXEL USG device. This can lead to various security risks, including unauthorized configuration changes, data leakage, and potential remote code execution.
The module sends a POST request to the "/ztp/cgi-bin/handler" endpoint of the ZyXEL USG device. The request includes a JSON payload with the command "ping" and the destination URL for the interaction. The module then checks for specific conditions to determine if the misconfiguration is present:
- The response must have a status code of 200.
- The response body must contain the words "message" and "result".
- The interaction protocol must not be DNS.

If all the conditions are met, the module reports the vulnerability.
Example HTTP request:
POST /ztp/cgi-bin/handler HTTP/1.1
Host: <Hostname>
Content-Type: application/json

{
  "command": "ping",
  "dest": "<InteractionURL>"
}
Note: It is important to apply the CVE-2023-28771 patch to mitigate the vulnerability and ensure the security of the ZyXEL USG device.
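A defender-side check for the exchange described above, as an added example that is not part of the module or of Vidoc's code: it classifies captured HTTP exchanges (for instance from a reverse proxy or WAF capture) by the request shape and the two response conditions listed on this page. The function names, hostnames, addresses and sample bodies are constructed for illustration.

```python
import json

ZTP_PATH = "/ztp/cgi-bin/handler"  # endpoint named on this page

def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, path, body), or None."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    parts = head.split("\n", 1)[0].split()
    if len(parts) < 2:
        return None
    # Drop the query string and any trailing slash before comparing paths.
    return parts[0].upper(), parts[1].split("?", 1)[0].rstrip("/"), body

def triage(raw_request, status, response_body):
    """Classify one captured exchange: 'none', 'probe-seen' or 'probe-answered'."""
    parsed = parse_request(raw_request)
    if parsed is None or parsed[0] != "POST" or parsed[1] != ZTP_PATH:
        return "none"
    try:
        payload = json.loads(parsed[2])
    except ValueError:
        return "none"
    if not isinstance(payload, dict) or payload.get("command") != "ping" or "dest" not in payload:
        return "none"
    # Response-side conditions the module lists: HTTP 200 and both words in the body.
    if status == 200 and "message" in response_body and "result" in response_body:
        return "probe-answered"
    return "probe-seen"

# Constructed sample exchanges (documentation addresses and hostnames, not real traffic).
PROBE = ("POST /ztp/cgi-bin/handler HTTP/1.1\r\nHost: fw.example.test\r\n"
         "Content-Type: application/json\r\n\r\n"
         '{"command": "ping", "dest": "callback.example.test"}')
SAMPLES = [
    ("198.51.100.7", PROBE, 200, '{"message": "...", "result": "..."}'),
    ("198.51.100.7", PROBE, 404, "Not Found"),
    ("192.0.2.10", "GET /index.html HTTP/1.1\r\nHost: fw.example.test\r\n\r\n", 200, "<html></html>"),
]

def summarize(samples):
    """Return (source, verdict) for every exchange whose verdict is not 'none'."""
    verdicts = [(src, triage(req, status, body)) for src, req, status, body in samples]
    return [(src, v) for src, v in verdicts if v != "none"]

if __name__ == "__main__":
    for src, verdict in summarize(SAMPLES):
        print(src, verdict)
```

A "probe-answered" verdict means the device replied in the way the module treats as a match, so that device is the first candidate for the CVE-2023-28771 patch; the module's interaction condition cannot be observed from these captures and is not checked here.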