ZTE ZXDSL 831 Unauthorized Configuration Access

vendor:

ZXDSL 831CII

by:

Ibad Shah

7,5

CVSS

HIGH

Unauthorized Configuration Access

287

CWE

Product Name: ZXDSL 831CII

Affected Version From: ZXDSL - 831CII

Affected Version To: ZXDSL - 831CII

Patch Exists: NO

Related CWE: 2017-16953

CPE: h:zte:zxdsl_831cii

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 10

2017

ZTE ZXDSL 831 Unauthorized Configuration Access

The Router usually servers html files & are protected with HTTP Basic Authentication. However, the CGI files does not protect this file from getting exposed to public. A Simple GET request would be needed to made to router that would give a remote attacker an opportunity to modify router PPPoE configurations, setup malicious configurations which later could lead to disrupt network & its activities.

Mitigation:

Ensure that all CGI files are protected with HTTP Basic Authentication.

Source

Exploit-DB raw data:

# Exploit Title: ZTE ZXDSL 831 Unauthorized Configuration Access
# Date: 27/11/2017
# Exploit Author: Ibad Shah
# Vendor Homepage: zte.com.cn
# Software Link: -
# Version: - ZXDSL - 831CII
# Tested on: Windows 10
# CVE :- 2017-16953

======================================= 
The Router usually servers html files & are protected with HTTP Basic
Authentication. However, the CGI files does not protect this file from
getting exposed to public. A Simple GET request would be needed to
made to router that would give a remote attacker an opportunity to
modify router PPPoE configurations, setup malicious configurations
which later could lead to disrupt network & its activities.


Proof Of Concept
================
http://192.168.1.1/connoppp.cgi