EIP-c624ba9f
A command-injection vulnerability exists within the ZyXEL Armor Z1 AC2350 series. The vulnerable endpoint is within the ‘photobak’ component found in the cgi-bin. Exploitation of the vulnerability allows for remote unauthenticated attackers to run arbitrary commands on vulnerable versions of the firmware under the context of the underlying lighthttpd subsystem.
Vulnerability Identifiers
- Exodus Intelligence: EIP-c624ba9f
- MITRE CVE: CVE-2021-4029
Vulnerability Metrics
- CVSSv2 Score: 8.3
Vendor References
- https://www.zyxel.com/support/forgery-vulnerabilities-of-select-Armor-home-routers.shtml
Discovery Credit
- Exodus Intelligence
Disclosure Timeline
- Disclosed to affected vendor: December 14th, 2021
- Disclosed to public: February 22nd, 2022
Further Information
Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com.
Researchers who are interested in monetizing their 0Day and NDay can work with us through our Research Sponsorship Program.