CVE-2021-40856 PoC — Auerswald COMfortel 1400和2600 IP 授权问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-40856.yaml

Associated Vulnerability

Title:Auerswald COMfortel 1400和2600 IP 授权问题漏洞 (CVE-2021-40856)
Description:Auerswald Comfortel 1400 Ip是德国Auerswald公司的一款 Ip 电话。 Auerswald COMfortel 1400和2600 IP桌面电话的web配置管理界面中存在安全漏洞。该漏洞允许访问基于web的管理界面中的配置数据和设置，而无需身份验证。2.8F及以下版本会受到影响。

Description

Auerswald COMfortel 1400/2600/3600 IP is susceptible to an authentication bypass vulnerability. Inserting the prefix "/about/../" allows bypassing the authentication check for the web-based configuration management interface. This enables attackers to gain access to the login credentials used for authentication at the PBX, among other data.

File Snapshot


 id: CVE-2021-40856

info:
  name: Auerswald COMfortel 1400/2600/3600 IP - Authentication Bypass
  au

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!