The Exploit Database is maintained by Offensive Security, an information security training company ZTE response states that ISP should be contacted First communication attempt to both vendor and ISP Also because the router lacks of CSRF protection, malicious JS code can be deployed in order to exploit the vulnerability through a malicious web page. Exploitation can be performed by LAN users or through the Internet if the router is configured to expose the web interface to WAN. ![]() The described vulnerability allows any unauthenticated user to edit the CWMP configuration. ![]() # router will connect back to the ACS server. When a request is made to the following URL, using the specified user/pass combination, However editing the CWMP configuration (more specifically sending the POST request) does not require any user authentication.įirmware Version : ZXHN H108LV4.0.0d_ZRQ_GR4 CWMP is a protocol widely used by ISPs worldwide for remote provisioning and troubleshooting their subscribers' equipment. ZTE ZXHN H108L is provided by some large Greek ISPs to their subscribers.ĬWMP configuration is accessible only through the Administrator account.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |