CVE-2024-29973

The repository contains a functional exploit for CVE-2026-22812, targeting OpenCode with a command execution vulnerability via session manipulation. The script demonstrates RCE by sending a crafted JSON payload to the '/session/{id}/shell' endpoint.

This repository contains a functional exploit PoC for CVE-2024-29973, a command injection vulnerability in Zyxel NAS326 and NAS542 firmware. The script sends a crafted HTTP request to execute arbitrary commands (e.g., 'id') and checks for the presence of 'root:' in the response to confirm vulnerability.

The repository contains a functional Python script that exploits a command injection vulnerability in Zyxel NAS devices (CVE-2024-29973). The exploit sends a crafted HTTP GET request to execute arbitrary commands via the `c0` parameter, specifically using `__import__('subprocess').check_output('id', shell=True)` to achieve remote code execution (RCE).

The repository contains a functional exploit for CVE-2024-29973, demonstrating a command injection vulnerability. The exploit sends a crafted HTTP request to trigger command execution and checks for the presence of the string 'Exploited' in the response to confirm vulnerability.

This repository contains a functional exploit PoC for multiple ZyXEL NAS vulnerabilities (CVE-2024-29972, CVE-2024-29973, CVE-2024-29974, CVE-2024-29975, CVE-2024-29976), including command injection, privilege escalation, and backdoor access. The exploit leverages Python code injection and shell command execution to achieve RCE and LPE.

The repository contains a functional exploit for CVE-2024-29973, a command injection vulnerability in Zyxel NAS326 firmware. The YAML file includes a crafted HTTP GET request targeting the 'setCookie' parameter to execute arbitrary commands (e.g., 'id') via Python's subprocess module.

The repository contains a functional exploit for CVE-2024-29973, a command injection vulnerability in Zyxel NAS326 and NAS542 firmware. The exploit leverages improper input validation in the 'setCookie' parameter to execute arbitrary commands via crafted HTTP POST requests.

The repository contains a functional exploit for CVE-2024-29973, a command injection vulnerability in Zyxel NAS326 and NAS542 firmware. The exploit leverages improper input validation in the 'setCookie' parameter to execute arbitrary OS commands via crafted HTTP POST requests.

The repository contains a functional exploit for CVE-2024-29973, a command injection vulnerability in Zyxel NAS326 firmware. The exploit leverages improper input validation in the 'setCookie' parameter to execute arbitrary OS commands via crafted HTTP POST requests.

This repository contains a functional Python script that exploits CVE-2024-29973, a command injection vulnerability in Zyxel NAS devices. The script sends a crafted HTTP request to execute arbitrary commands (e.g., 'id') and checks the response for signs of successful exploitation.

The repository contains a functional exploit for CVE-2024-29973, demonstrating a command injection vulnerability in Zyxel NAS326 firmware. The YAML file includes a crafted HTTP POST request that injects commands via the 'setCookie' parameter, while the README provides additional context and examples.

The repository contains a functional exploit PoC for CVE-2024-29973, targeting a command injection vulnerability in a web application. The script sends crafted HTTP requests with payloads designed to execute arbitrary commands and checks for indicators of successful exploitation.

The repository contains a functional Python script that exploits a command injection vulnerability in Zyxel NAS devices (CVE-2024-29973). The exploit sends a crafted HTTP GET request to execute arbitrary commands via the `c0` parameter, leveraging Python's `subprocess` module for RCE.