CVE-2021-35296

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to bypass authentication on PTCL HG150-Ub v3.0 routers by manipulating cookie values and response paths. Attackers can gain administrative access without valid credentials. This affects all users of the vulnerable router model.

💻 Affected Systems

Products:
  • PTCL HG150-Ub
Versions: v3.0
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific model and version mentioned. Other PTCL models may not be vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete router compromise allowing attacker to reconfigure network settings, intercept traffic, install malware, or use the router as an attack platform.

🟠 Likely Case

Unauthorized administrative access leading to network configuration changes, DNS hijacking, or credential theft from connected devices.

🟢 If Mitigated

Limited impact if router is behind firewall with restricted administrative interface access.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices with administrative interfaces exposed.
🏢 Internal Only: MEDIUM - Attackers on the local network could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code available on GitHub. Attack requires network access to the router's administrative interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Contact PTCL for firmware updates or replacement options.

🔧 Temporary Workarounds

Disable remote administration (applies to: all)

Turn off remote access to the router's administrative interface.

Change default credentials (applies to: all)

Change the default admin passwords even though the bypass exists, as an additional layer of protection.

🧯 If You Can't Patch

  • Replace vulnerable router with updated model or different vendor
  • Place router behind firewall with strict inbound rules blocking administrative interface access

🔍 How to Verify

Check if Vulnerable:

Check router model and firmware version via web interface or device label. If PTCL HG150-Ub v3.0, assume vulnerable.

Check Version:

Log in to the router web interface and check the System Information or About page.

Verify Fix Applied:

Test the authentication bypass using the public PoC. If authentication is still required, the vulnerability may be mitigated.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts followed by successful admin access
  • Admin access from unusual IP addresses
  • Configuration changes without proper authentication logs

Network Indicators:

  • HTTP requests to admin panel with modified cookie values
  • Unusual administrative traffic patterns

SIEM Query:

source="router_logs" AND (event="admin_login" AND result="success" AND NOT auth_method="password")
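The following is an added detection example, not code from this page or from PTCL. It applies the SIEM query above, plus two of the log indicators listed earlier (admin access from an unusual IP, and failed logins followed by a success), to a handful of constructed router log lines. The key=value log format, the field names, the trusted management network range and the failure threshold are all assumptions made for the example.

```python
"""Detection logic for the CVE-2021-35296 log indicators (added example)."""
from __future__ import annotations

import ipaddress
import shlex
from collections import defaultdict

# Constructed sample log lines. Field names mirror the SIEM query above
# (source, event, result, auth_method); src_ip is an assumed extra field.
SAMPLE_LOGS = [
    "ts=2024-01-01T10:00:00 source=router_logs event=admin_login result=failure auth_method=password src_ip=192.168.1.20",
    "ts=2024-01-01T10:00:05 source=router_logs event=admin_login result=failure auth_method=password src_ip=192.168.1.20",
    "ts=2024-01-01T10:00:09 source=router_logs event=admin_login result=success auth_method=cookie src_ip=192.168.1.20",
    "ts=2024-01-01T10:05:00 source=router_logs event=admin_login result=success auth_method=password src_ip=192.168.1.10",
    "ts=2024-01-01T10:06:00 source=router_logs event=admin_login result=success auth_method=password src_ip=203.0.113.7",
    "ts=2024-01-01T10:07:00 source=router_logs event=config_change src_ip=203.0.113.7",
]

# Assumed trusted admin network and the number of failures that makes a
# subsequent success suspicious. Tune both for your environment.
MGMT_NET = ipaddress.ip_network("192.168.1.0/24")
FAIL_THRESHOLD = 2


def parse_line(line: str) -> dict[str, str]:
    """Split a key=value log line into a dict; tokens without '=' are ignored."""
    fields: dict[str, str] = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def siem_match(rec: dict[str, str]) -> bool:
    """Equivalent of the SIEM query: successful admin login not authenticated
    by password. A missing auth_method also matches, as NOT would in SIEM."""
    return (
        rec.get("source") == "router_logs"
        and rec.get("event") == "admin_login"
        and rec.get("result") == "success"
        and rec.get("auth_method") != "password"
    )


def analyze(lines, mgmt_net=MGMT_NET, fail_threshold=FAIL_THRESHOLD):
    """Return (rule, line_index, src_ip) findings for the indicators."""
    findings: list[tuple[str, int, str]] = []
    failures: defaultdict[str, int] = defaultdict(int)
    for idx, line in enumerate(lines):
        rec = parse_line(line)
        if rec.get("event") != "admin_login":
            continue
        ip = rec.get("src_ip", "")
        if rec.get("result") == "failure":
            failures[ip] += 1
            continue
        if rec.get("result") != "success":
            continue
        # Indicator 1: admin session established without a password check.
        if siem_match(rec):
            findings.append(("non_password_admin_login", idx, ip))
        # Indicator 2: admin access from outside the trusted management range.
        try:
            outside = ipaddress.ip_address(ip) not in mgmt_net
        except ValueError:
            outside = True  # unparsable or missing IP is treated as unusual
        if outside:
            findings.append(("admin_login_unusual_ip", idx, ip))
        # Indicator 3: run of failed attempts followed by a success.
        if failures[ip] >= fail_threshold:
            findings.append(("failures_then_success", idx, ip))
        failures[ip] = 0
    return findings


if __name__ == "__main__":
    for rule, idx, ip in analyze(SAMPLE_LOGS):
        print(f"{rule}: line {idx} from {ip}")
```

The cookie-authenticated success on the third sample line trips both the non-password rule and the failures-then-success rule, while the password login from 203.0.113.7 is flagged only because it comes from outside the assumed management range; the config change on the last line is not a login event and is left to a separate rule.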

🔗 References
