[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAAnZqX-k2V4p=2jo=91JnGpB9smA37AoAOx3_fwjXSXCXuUJ1Q@mail.gmail.com>
Date: Tue, 28 Nov 2017 15:23:34 +0200
From: Maor Shwartz <maors@...ondsecurity.com>
To: fulldisclosure@...lists.org
Cc: SecuriTeam Secure Disclosure <ssd@...ondsecurity.com>
Subject: [FD] SSD Advisory – ZTE ZXDSL Configuration Reset
SSD Advisory – ZTE ZXDSL Configuration Reset
Full report: https://blogs.securiteam.com/index.php/archives/3546
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD
Vulnerability Summary
The following advisory describes a configuration reset vulnerability found
in ZTE ZXDSL 831CII version 6.2.
ZXDSL 831CII is “an ADSL access device to support multiple line modes. It
supports ADSL2/ADSL2+ and is backward compatible to ADSL, even offers
auto-negotiation capability for different flavors (G.dmt, T1.413 Issue 2)
according to central office DSLAM’s settings (Digital Subscriber Line
Access Multiplexer). It provides four 10/100Base-T Ethernet interfaces at
the user end. Utilizing the high-speed ADSL connection, the ZXDSL 831CII
can provide users with broadband connectivity to the Internet.”
Credit
An independent security researcher has reported this vulnerability to
Beyond Security’s SecuriTeam Secure Disclosure program
Vendor response
ZTE was informed of the vulnerability, their response was: “According to
the related product team reply, the affected product 831CII V6.2 has
already ended sales and is no longer maintained by ZTE in 2011.
831CII V2.0, the substitute product of 831CII V6.2, has also already been
out of the service in 2015.
Right now, 831CII V2.0’s substitute product is ZXHN H108 V2.5.”
Vulnerability details
User controlled input is not sufficiently sanitized and allows
unauthenticated user to send a GET request to /resetrouter.cgi with
parameter lanRefresh=0
Successful exploitation of this vulnerability enables a remote
unauthenticated user to restart the configuration of the device.
--
Thanks
Maor Shwartz
Beyond Security
GPG Key ID: 6D273779F52A9FC2
Download attachment "SSD Advisory – ZTE ZXDSL Configuration Reset.pdf" of type "application/pdf" (104268 bytes)
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists