On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.
References
Link | Resource |
---|---|
https://github.com/nieldk/vulnerabilities/blob/main/zyxel%20nbg2105/Admin%20bypass | Exploit Third Party Advisory |
https://www.zyxel.com/support/SupportLandingSR.shtml?c=gb&l=en&kbid=M-01490&md=NBG2105 | Product Vendor Advisory |
https://www.zyxel.com/us/en/support/security_advisories.shtml | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
03 Feb 2021, 22:58
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:zyxel:nbg2105_firmware:v1.00\(aagu.2\)c0:*:*:*:*:*:*:* cpe:2.3:h:zyxel:nbg2105:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
References | (MISC) https://github.com/nieldk/vulnerabilities/blob/main/zyxel%20nbg2105/Admin%20bypass - Exploit, Third Party Advisory | |
References | (MISC) https://www.zyxel.com/support/SupportLandingSR.shtml?c=gb&l=en&kbid=M-01490&md=NBG2105 - Product, Vendor Advisory | |
References | (MISC) https://www.zyxel.com/us/en/support/security_advisories.shtml - Vendor Advisory | |
CWE | CWE-287 |
26 Jan 2021, 18:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-26 18:16
Updated : 2023-12-10 13:41
NVD link : CVE-2021-3297
Mitre link : CVE-2021-3297
CVE.ORG link : CVE-2021-3297
JSON object : View
Products Affected
zyxel
- nbg2105
- nbg2105_firmware
CWE
CWE-287
Improper Authentication