Vulnerability details
ZyXEL routers running the SSH-2.0-dropbear_0.46 are affected by restricted shell escape which isolate users on an interactive console with limited commands due to an insufficient validation of the user input by using substitution commands the attacker can execute commands with root privileges.
Successfully tested on ZyXEL models VMG1312-B10A and VMG1312-B10B with firmware versions V1.00(AAJZ.17)C0 and V1.00(AAVS.0)b21.
