CVE-2021-21745 PoC — ZTE MF971R LTE router 授权问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-21745.yaml

Associated Vulnerability

Title:ZTE MF971R LTE router 授权问题漏洞 (CVE-2021-21745)
Description:ZTE MF971R LTE router是中国中兴通讯（ZTE）公司的一款路由器。 ZTE MF971R LTE router存在安全漏洞，攻击者可利用该漏洞向受害者发送精心构建的HTTP请求，绕过基于Referer的缓存。

Description

ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould
use this vulnerability to perform illegal authorization operations by sending a request to the user to click.

File Snapshot


 id: CVE-2021-21745

info:
  name: ZTE MF971R - Referer authentication bypass
  author: gy741
  sever

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!