Login Sign Up

CVE-2021-31349

9.8 CRITICAL
Remote Code Execution Authentication Bypass

📋 TL;DR

This CVE describes an authentication bypass vulnerability in Juniper Networks 128 Technology Session Smart Router where an attacker can use an internal HTTP header to bypass authentication. This allows attackers to view internal files, change settings, manipulate services, and execute arbitrary code. All versions prior to 4.5.11 and all 5.0 versions up to and including 5.0.1 are affected.

💻 Affected Systems

Products:
  • Juniper Networks 128 Technology Session Smart Router
Versions: All versions prior to 4.5.11, and all 5.0 versions up to and including 5.0.1
Operating Systems: Router-specific OS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable; no special configuration required for exploitation

📦 What is this software?

128 Technology Session Smart Router Firmware by Juniper

View all CVEs affecting 128 Technology Session Smart Router Firmware →

128 Technology Session Smart Router Firmware by Juniper

View all CVEs affecting 128 Technology Session Smart Router Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with root-level arbitrary code execution, configuration manipulation, and data exfiltration

🟠

Likely Case

Unauthorized access to sensitive configuration files, service manipulation, and potential lateral movement

🟢

If Mitigated

Limited impact if proper network segmentation and access controls prevent exploitation attempts

🌐 Internet-Facing: HIGH - Attackers can exploit remotely without authentication if device is internet-facing
🏢 Internal Only: HIGH - Even internally, this provides full system compromise capabilities

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted HTTP requests with internal headers

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.5.11 or 5.0.2

Vendor Advisory: https://kb.juniper.net/JSA11256

Restart Required: Yes

Instructions:

1. Download the patched version from Juniper support portal. 2. Backup current configuration. 3. Install the update following Juniper's upgrade procedures. 4. Reboot the router. 5. Verify the new version is running.

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict access to the router's management interface to trusted IP addresses only

Configure firewall rules to limit access to router management IP/ports

🧯 If You Can't Patch

  • Isolate affected routers in separate network segments with strict access controls
  • Implement network monitoring for suspicious HTTP requests to router management interfaces

🔍 How to Verify

Check if Vulnerable:

Check router version via CLI: show version

Check Version:

show version

Verify Fix Applied:

Verify version is 4.5.11 or higher, or 5.0.2 or higher

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests to management interface
  • Authentication bypass attempts
  • Configuration changes from unauthorized sources

Network Indicators:

  • HTTP requests with unusual headers to router management ports
  • Traffic patterns indicating unauthorized access

SIEM Query:

source="router_logs" AND (http_header="*internal*" OR auth_bypass="true")

📊 Metadata

CVE ID: CVE-2021-31349
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-287
Published: October 19, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-31349, you might also want to check these:

CVE-2024-27767 10.0

CVE-2024-27767 is an authentication bypass vulnerability that allows attackers to gain unauthorized ...

Same vulnerability type (CWE-287)
CVE-2026-24898 10.0

OpenEMR versions before 8.0.0 contain an unauthenticated token disclosure vulnerability in the MedEx...

Same vulnerability type (CWE-287)
CVE-2026-20127 10.0

This critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager al...

Same vulnerability type (CWE-287)