5 matches found
ZTE MF971R - Referer authentication bypass
ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click. id: CVE-2021-21745 info: name: ZTE MF971R - Referer authentication bypass...
CVE-2021-21745
ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click...
VulnCheck KEV: CVE-2021-21745
ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click...
CVE-2021-21745
creationtimestamp| type| source ---|---|--- 2021-10-20 20:35:33+00:00| seen| https://t.me/cibsecurity/30908 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-21745.yaml 2025-01-26 00:00:00+00:00| seen| The Shadowserver...
CVE-2021-21745
CVE-2021-21745 is a ZTE MF971R Referer authentication bypass. Talos documents a flawed Referer-based mitigation in the web API goform_get_cmd_process path where bypassing the Referer check (e.g., by including 127.0.0.1 in the Referer) can grant full API access without proper CSRF protection. A Po...