header-logo
Suggest Exploit
vendor:
ZTE AC 3633R USB Modem
by:
Vishnu
7.5
CVSS
HIGH
Authentication Bypass, Denial of Service
287, 119
CWE
Product Name: ZTE AC 3633R USB Modem
Affected Version From: 3633R
Affected Version To: 3633R
Patch Exists: NO
Related CWE:
CPE: a:zte:ac3633r_firmware
Metasploit:
Other Scripts:
Platforms Tested: Windows, Linux
2015

ZTE AC 3633R USB Modem Multiple Vulnerabilities

The ZTE AC 3633R USB Modem is vulnerable to an authentication bypass vulnerability, allowing an attacker to gain administrative access. It is also vulnerable to a denial of service vulnerability, causing the modem to crash and reboot. This crash may lead to remote code execution and root privilege on the device.

Mitigation:

The vendor should release a patch to fix the authentication bypass vulnerability and prevent the device from crashing when fed with a large input.
Source

Exploit-DB raw data:

# Exploit Title: ZTE AC 3633R USB Modem Multiple Vulnerabilities
# Date: 4/06/2015
# Exploit Author: [Vishnu (@dH3wK)
# Vendor Homepage: [http://zte.com.cn
# Version: 3633R
# Tested on: Windows, Linux


Greetings from vishnu (@dH4wk)

1. Vulnerable Product Version

- ZTE AC3633R (MTS Ultra Wifi Modem)

2. Vulnerability Information

(A) Authentication Bypass
Impact: Attacker gains administrative access
Remotely Exploitable: UNKNOWN
Locally Exploitable: YES

(B) Device crash which results in reboot
Impact: Denial of service, The crash may lead to RCE locally thus
attaining root privilege on the device
Remotely Exploitable: UNKNOWN
Locally Exploitable: YES

3. Vulnerability Description

(A) The administrative authentication mechanism of the modem can be
bypassed by feeding with a string of 121 characters in length, either in
username or password field.

(B) A crash causes the modem to restart. This is caused when either of
the password or username fields are fed with an input of 130 characters
or above.

[Note: If username is targeted for exploitation, then password field shall
be fed with minimum 6 characters (any characters) and vice versa ]

Navigation

Suggest Exploit

Services By CQR