CVE-2021-3297
45Vexday Risk Score
Patch now. It exploitation observed by VulnCheck and has a working public exploit.
ssvc Actepss 21%
from disclosure to weapon
Published on NVDJan 26
VulnCheck+1666d
exploitation probability
21%top 3% of all CVEs
observed exploitation
yesVulnCheck
On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.
Affected products
n/a · n/aReferences
https://codeberg.org/nieldk/vulnerabilities/src/branch/main/zyxel%20nbg2105/Admin%20bypasshttps://github.com/nieldk/vulnerabilities/blob/main/zyxel%20nbg2105/Admin%20bypasshttps://www.zyxel.com/support/SupportLandingSR.shtml?c=gb&l=en&kbid=M-01490&md=NBG2105https://www.zyxel.com/us/en/support/security_advisories.shtml