Shenzhen Zhibotong Electronics ZBT WE2001 Path Traversal Vulnerability Allowing Authentication Bypass and Administrative Access

Vulnerability

A path traversal vulnerability has been identified in the check_token function of the Shenzhen Zhibotong Electronics ZBT WE2001 router, specifically in the 23.09.27 version. This vulnerability allows remote attackers to bypass authentication and execute administrative actions by sending a specially crafted session cookie. The issue arises from improper validation of cookie values, enabling unauthorized access to administrative functions.

Impact

Exploitation of this vulnerability allows for authentication bypass, granting attackers administrative privileges on the affected device.

Added: Feb 11, 2026, 5:45 PM

Updated: Feb 11, 2026, 6:13 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

2.9

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

2.9

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Shenzhen Zhibotong Electronics ZBT WE2001 Path Traversal Vulnerability Allowing Authentication Bypass and Administrative Access

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating