exploitDog

CVE-2021-3297

Опубликовано: 26 янв. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Высокий

Описание

On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.

Ссылки

https://codeberg.org/nieldk/vulnerabilities/src/branch/main/zyxel%20nbg2105/Admin%20bypass
https://github.com/nieldk/vulnerabilities/blob/main/zyxel%20nbg2105/Admin%20bypass
Exploit
Third Party Advisory
https://www.zyxel.com/support/SupportLandingSR.shtml?c=gb&l=en&kbid=M-01490&md=NBG2105
Product
Vendor Advisory
https://www.zyxel.com/us/en/support/security_advisories.shtml
Vendor Advisory
https://github.com/nieldk/vulnerabilities/blob/main/zyxel%20nbg2105/Admin%20bypass
Exploit
Third Party Advisory
https://www.zyxel.com/support/SupportLandingSR.shtml?c=gb&l=en&kbid=M-01490&md=NBG2105
Product
Vendor Advisory
https://www.zyxel.com/us/en/support/security_advisories.shtml
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:zyxel:nbg2105_firmware:v1.00\(aagu.2\)c0:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:nbg2105:-:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.86299

Высокий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-vqr2-c24p-rh7p

CVSS3: 7.8

github

больше 3 лет назад

On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.

EPSS

Процентиль: 99%

0.86299

Высокий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-287