Packet Storm | Ibad Shah | PACKETSTORM:145121
Nov 27, 2017 - 12:00 a.m.

ZTE ZXDSL 831 Unauthorized Configuration Access Bypass

packetstormsecurity.com

EPSS: 0.031 (Low), percentile 91.2%

`# Exploit Title: ZTE ZXDSL 831 Unauthorized Configuration Access  
# Date: 27/11/2017  
# Exploit Author: Ibad Shah  
# Vendor Homepage: zte.com.cn  
# Software Link: -  
# Version: - ZXDSL - 831CII  
# Tested on: Windows 10  
# CVE :- 2017-16953  
  
=======================================   
The router usually serves HTML files that are protected with HTTP Basic  
Authentication. However, the CGI files are not protected from being  
exposed to the public. A simple GET request to the router is all that is  
needed to give a remote attacker the opportunity to  
modify the router's PPPoE configuration and set up malicious configurations,  
which could later disrupt the network and its activities.  
  
  
Proof Of Concept  
================  
http://192.168.1.1/connoppp.cgi   
  
  
`
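
The flaw class the advisory describes, as an added example that is not part of the original advisory or of ZTE's firmware: a request gate that, by assumption, checks HTTP Basic credentials only for `.html` paths, next to a default-deny gate that covers CGI handlers too. The credentials, the `/index.html` path and all function names are constructed for illustration.

```python
import base64
import hmac
from http import HTTPStatus

# Constructed demo data; the real firmware's routing logic is not on the page.
USERS = {"admin": "constructed-password"}
PATHS = ["/index.html", "/connoppp.cgi"]
PUBLIC_PATHS = frozenset()  # explicit allowlist; empty means everything needs auth


def credentials_ok(headers):
    """Validate an HTTP Basic Authorization header against USERS."""
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and malformed UTF-8
        return False
    user, _, password = decoded.partition(":")
    expected = USERS.get(user)
    return expected is not None and hmac.compare_digest(
        expected.encode(), password.encode())


def weak_gate(path, headers):
    """Assumed flaw model: only .html pages pass through the auth check."""
    if path.endswith(".html") and not credentials_ok(headers):
        return HTTPStatus.UNAUTHORIZED
    return HTTPStatus.OK


def strict_gate(path, headers):
    """Default deny: every handler, CGI included, sits behind the same check."""
    if path not in PUBLIC_PATHS and not credentials_ok(headers):
        return HTTPStatus.UNAUTHORIZED
    return HTTPStatus.OK


def unauthenticated_exposure(gate, paths):
    """Return the paths a gate serves to a request carrying no credentials."""
    return [p for p in paths if gate(p, {}) == HTTPStatus.OK]


if __name__ == "__main__":
    print("weak gate exposes:  ", unauthenticated_exposure(weak_gate, PATHS))
    print("strict gate exposes:", unauthenticated_exposure(strict_gate, PATHS))
```

Running `unauthenticated_exposure` over a device's full handler list in a firmware test suite turns this class of gap into a failing build rather than a field finding.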
