CVE-2021-47741
Unknown Unknown - Not Provided
Privilege Escalation in ZBL EPON ONU Router via Config Access

Publication date: 2025-12-31

Last updated on: 2025-12-31

Assigner: VulnCheck

Description
ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows limited administrative users to elevate access by sending requests to configuration endpoints. Attackers can exploit the vulnerability by accessing the configuration backup or password page to disclose the super user password and gain additional privileged functionalities.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-31
Last Modified
2025-12-31
Generated
2026-06-16
AI Q&A
2025-12-31
EPSS Evaluated
2026-06-14
NVD
CVE-2021-47741
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
goahead web_server 2.5.0
peersec matrixssl 3.1.3-open
zhejiang_bc&tv_technology_co.,_ltd. zbl_epon_onu_broadband_router 1.0
zhejiang_bc&tv_technology_co.,_ltd. zbl_epon_onu_broadband_router 1.0
zhejiang_bc&tv_technology_co.,_ltd. zbl_epon_onu_broadband_router 1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-522 The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in the ZBL EPON ONU Broadband Router V100R001 allows a limited administrative user to escalate their privileges to super user by sending crafted HTTP requests to specific configuration endpoints. By accessing the configuration backup endpoint or the password management page, an attacker can retrieve the super user password in plaintext. This enables the attacker to gain full control over the device and access privileged functionalities that should be restricted. [1, 2, 3]

Impact Analysis

This vulnerability can have a significant impact by allowing an attacker with limited administrative access to gain super user privileges on the affected router. Once the attacker obtains super user credentials, they can fully control the device, potentially altering configurations, intercepting or redirecting network traffic, and compromising the security and availability of the network connected to the router. [1, 2, 3]

Detection Guidance

This vulnerability can be detected by sending crafted HTTP GET or POST requests to specific endpoints on the ZBL EPON ONU Broadband Router's web interface. For example, sending a POST request to the configuration backup endpoint (/HG104B-ZG-E.config) with parameters such as CMD=CONFIG&GO=index.asp&TYPE=CONFIG&files= can return configuration data including super user credentials. Similarly, a GET request to the /system_password.asp page reveals JavaScript arrays containing super user credentials. These requests can be performed using tools like curl or wget to check if the super user password is disclosed in the response, indicating the presence of the vulnerability. [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the router's web management interface to trusted users only, especially limiting access to the configuration backup and password management endpoints. Change default credentials from admin:admin to strong, unique passwords. If possible, disable remote administrative access or restrict it via firewall rules. Monitor for unauthorized access attempts and apply any available firmware updates or patches from the vendor addressing this vulnerability. [1, 2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47741. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart