从这张网页截图中,可以获取到以下关于漏洞的关键信息: Title: ZBL EPON ONU Broadband Router 1.0 Remote Privilege Escalation Exploit Advisory ID: ZSL-2021-5647 Type: Local/Remote Impact: Privilege Escalation Risk: (4/5) Release Date: 01.04.2021 Vendor: - Zhejiang BC&T TV Technology Co., Ltd. (ZBL) - http://www.zblchina.com - W&D Corporation (WAD TECHNOLOGY (THAILAND)) - http://www.wd-thailand.com Affected Version: - Firmware: V100R001 - Software model: HG104B-ZG-E / EONU-7114 / ZBL5932C CATV+PON Triple CPE - EONU ZBL Hardware Version V3.0 - Software: V2.46.02P6T5S - Main Chip: RTL9607 - Master Controller, Copyright (c) R&D Tested On: GoAhead-Webs/2.5.0 PeerSec-MatrixSSL/3.1.3-OPEN Vendor Status: - 31.01.2021: Vulnerability discovered. - 01.02.2021: Contact with the vendor. - 01.04.2021: No response from the vendor. - 01.04.2021: Public security advisory released. PoC: zbl_router_privs.txt Credits: Vulnerability discovered by Gjoko Krstic - References: - [1] https://packetstormsecurity.com/files/162065/ - [2] https://www.exploit-db.com/exploits/49737 - [3] https://cxsecurity.com/issue/WLB-2021040001 - [4] https://exchange.xforce.ibmcloud.com/vulnerabilities/19302 Changelog: - 01.04.2021: Initial release - 02.04.2021: Added reference [1], [2] and [3] - 06.04.2021: Added reference [4]