Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtIbad Shah1337DAY-ID-29069
HistoryNov 28, 2017 - 12:00 a.m.

ZTE ZXDSL 831CII - Improper Access Restrictions Vulnerability

2017-11-2800:00:00
Ibad Shah
0day.today
19

0.031 Low

EPSS

Percentile

91.2%

JSON

Exploit for hardware platform in category web applications

# Exploit Title: ZTE ZXDSL 831 Unauthorized Configuration Access
# Exploit Author: Ibad Shah
# Vendor Homepage: zte.com.cn
# Software Link: -
# Version: - ZXDSL - 831CII
# Tested on: Windows 10
# CVE :- 2017-16953
 
======================================= 
The Router usually servers html files & are protected with HTTP Basic
Authentication. However, the CGI files does not protect this file from
getting exposed to public. A Simple GET request would be needed to
made to router that would give a remote attacker an opportunity to
modify router PPPoE configurations, setup malicious configurations
which later could lead to disrupt network & its activities.
 
 
Proof Of Concept
================
http://192.168.1.1/connoppp.cgi

#  0day.today [2018-01-08]  #

Related

packetstorm 1
prion 1
cvelist 1
openvas 1
nvd 1
cve 1
packetstorm
packetstorm
ZTE ZXDSL 831 Unauthorized Configuration Access Bypass
2017-11-27 00:00:00
prion
prion
Cross site request forgery (csrf)
2017-12-01 17:29:00
cvelist
cvelist
CVE-2017-16953
2017-12-01 17:00:00
openvas
openvas
ZTE ZXDSL 831CII Access Bypass Vulnerability
2017-11-28 00:00:00
nvd
nvd
CVE-2017-16953
2017-12-01 17:29:00
cve
cve
CVE-2017-16953
2017-12-01 17:29:00

0.031 Low

EPSS

Percentile

91.2%

JSON
Related for 1337DAY-ID-29069
packetstorm1prion1cvelist1openvas1nvd1cve1