CVE-2021-3297 Information

Description

On Zyxel NBG2105 V1.00(AAGU.2)C0 devices setting the login cookie to 1 provides administrator access.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.zyxel.com/us/en/support/security_advisories.shtml https://www.zyxel.com/support/SupportLandingSR.shtml?c=gb&l=en&kbid=M-01490&md=NBG2105 https://github.com/nieldk/vulnerabilities/blob/main/zyxel%20nbg2105/Admin%20bypass

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8