CVE-2021-40856
HIGH | EXPLOITED | NUCLEI
Auerswald COMfortel <2.8G - Auth Bypass
Title source: llm
Exploitation Summary
CVE-2021-40856 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring.
Nuclei Templates (1)
Auerswald COMfortel 1400/2600/3600 IP - Authentication Bypass
HIGH, by gy741
References (3)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/165162/Auerswald-COMfortel-1400-2600-3600-IP-2.8F-Authentication-Bypass.html
Exploit, Third Party Advisory x_refsource_misc
https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-004/-auerswald-comfortel-1400-2600-3600-ip-authentication-bypass
Scores
CVSS v3: 7.5
EPSS: 0.5106
EPSS Percentile: 98.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
VulnCheck KEV: 2025-06-07
CWE: CWE-706
Status: published
Products (3)
auerswald/comfortel_1400_ip_firmware: < 2.8f
auerswald/comfortel_2600_ip_firmware: < 2.8f
auerswald/comfortel_3600_ip_firmware: < 2.8f
Published: Dec 13, 2021
Tracked Since: Feb 18, 2026