A path traversal vulnerability in the check_token function of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to bypass authentication and perform administrative actions by supplying a crafted session cookie value.
An attacker sends a crafted session cookie value to the check_token function, which does not properly filter path traversal sequences. As a result, the authentication verification mechanism is completely bypassed. Exploitation requires no authentication, knowledge of an account, or any user interaction on the device.
An attacker gains the ability to perform arbitrary administrative actions on the device, leading to complete loss of confidentiality, integrity, and availability of the system — including potential configuration changes, network takeover, or use of the device as an entry point to the infrastructure.
Patches available from the manufacturer should be applied in accordance with the references. Until updates are deployed, it is recommended to restrict access to the device management interface only to trusted network segments and monitor traffic for suspicious requests with non-standard cookie values.
Shenzhen Zhibotong Electronics ZBT WE2001 in firmware version 23.09.27
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H