Vulnerability Details CVE-2021-3297
On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.8
EPSS Ranking 99.0%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- https://github.com/nieldk/vulnerabilities/blob/main/zyxel%20nbg2105/Admin%20bypass
- https://www.zyxel.com/support/SupportLandingSR.shtml?c=gb&l=en&kbid=M-01490&md=NBG2105
- https://www.zyxel.com/us/en/support/security_advisories.shtml
- https://github.com/nieldk/vulnerabilities/blob/main/zyxel%20nbg2105/Admin%20bypass
- https://www.zyxel.com/support/SupportLandingSR.shtml?c=gb&l=en&kbid=M-01490&md=NBG2105
- https://www.zyxel.com/us/en/support/security_advisories.shtml
Products affected by CVE-2021-3297
-
cpe:2.3:h:zyxel:nbg2105:-
-
cpe:2.3:o:zyxel:nbg2105_firmware:v1.00(aagu.2)c0