CVE-2024-29973

The repository contains a functional exploit for CVE-2026-22812, targeting OpenCode with a command execution vulnerability via session manipulation. The script demonstrates RCE by sending a crafted JSON payload to the '/session/{id}/shell' endpoint.

This repository contains a functional exploit PoC for CVE-2024-29973, a command injection vulnerability in Zyxel NAS326 and NAS542 firmware. The script sends a crafted HTTP request to execute arbitrary commands (e.g., 'id') and checks for the presence of 'root:' in the response to confirm vulnerability.

The repository contains a functional Python script that exploits a command injection vulnerability in Zyxel NAS devices (CVE-2024-29973). The exploit sends a crafted HTTP GET request to execute arbitrary commands via the `c0` parameter, specifically using `__import__('subprocess').check_output('id', shell=True)` to achieve remote code execution (RCE).

The repository contains a functional exploit for CVE-2024-29973, demonstrating a command injection vulnerability. The exploit sends a crafted HTTP request to trigger command execution and checks for the presence of the string 'Exploited' in the response to confirm vulnerability.

This repository contains a functional exploit PoC for multiple ZyXEL NAS vulnerabilities (CVE-2024-29972, CVE-2024-29973, CVE-2024-29974, CVE-2024-29975, CVE-2024-29976), including command injection, privilege escalation, and backdoor access. The exploit leverages Python code injection and shell command execution to achieve RCE and LPE.

The repository contains a functional exploit for CVE-2024-29973, a command injection vulnerability in Zyxel NAS326 firmware. The YAML file includes a crafted HTTP GET request targeting the 'setCookie' parameter to execute arbitrary commands (e.g., 'id') via Python's subprocess module.

The repository contains a functional exploit for CVE-2024-29973, a command injection vulnerability in Zyxel NAS326 firmware. The exploit leverages improper input validation in the 'setCookie' parameter to execute arbitrary OS commands via crafted HTTP POST requests.

This repository contains a functional Python script that exploits CVE-2024-29973, a command injection vulnerability in Zyxel NAS devices. The script sends a crafted HTTP request to execute arbitrary commands (e.g., 'id') and checks the response for signs of successful exploitation.

The repository contains a functional exploit for CVE-2024-29973, demonstrating a command injection vulnerability in Zyxel NAS326 firmware. The YAML file includes a crafted HTTP POST request that injects commands via the 'setCookie' parameter, while the README provides additional context and examples.

The repository contains a functional exploit PoC for CVE-2024-29973, targeting a command injection vulnerability in a web application. The script sends crafted HTTP requests with payloads designed to execute arbitrary commands and checks for indicators of successful exploitation.

The repository contains a functional Python script that exploits a command injection vulnerability in Zyxel NAS devices (CVE-2024-29973). The exploit sends a crafted HTTP GET request to execute arbitrary commands via the `c0` parameter, leveraging Python's `subprocess` module for RCE.