ZTE MF971R - Referer authentication bypass

ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click. id: CVE-2021-21745 info: name: ZTE MF971R - Referer authentication bypass...

ZTE MF971R Referer Authentication Bypass Vulnerability

The ZTE MF971R is a Cat 6 LTE mobile Wi-Fi router with download speeds up to 300mbps and upload speeds up to 50mbps.The ZTE MF971R is vulnerable to a Referer authentication bypass. An attacker can exploit the vulnerability by sending a click request to the user to perform an illegal authorized...

Authentication flaw

ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click...

CVE-2021-21745

CVE-2021-21745 is a ZTE MF971R Referer authentication bypass. Talos documents a flawed Referer-based mitigation in the web API goform_get_cmd_process path where bypassing the Referer check (e.g., by including 127.0.0.1 in the Referer) can grant full API access without proper CSRF protection. A Po...

CVE-2021-21745

ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click...

ZTE MF971R LTE router 授权问题漏洞

The ZTE MF971R is a Cat 6 LTE mobile Wi-Fi router with download speeds up to 300mbps and upload speeds up to 50mbps.The ZTE MF971R is vulnerable to a Referer authentication bypass. An attacker can exploit the vulnerability by sending a click request to the user to perform an illegal authorized...