ZTE ZXDSL 831-II Modem Information Disclosure and Cross Site Request Forgery Vulnerabilities
BID:50606
Info
ZTE ZXDSL 831-II Modem Information Disclosure and Cross Site Request Forgery Vulnerabilities
| Bugtraq ID: | 50606 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 08 2011 12:00AM |
| Updated: | Nov 08 2011 12:00AM |
| Credit: | Mehdi Boukazoula and Ibrahim Debeche |
| Vulnerable: |
ZTE Corporation ZXDSL 831-II 7.5.0a_Z29_OV |
| Not Vulnerable: | |
Discussion
ZTE ZXDSL 831-II Modem Information Disclosure and Cross Site Request Forgery Vulnerabilities
ZTE ZXDSL 831-II is prone to a cross-site request-forgery vulnerability and an information-disclosure vulnerability.
Attackers can exploit the information-disclosure issue to obtain sensitive information that may aid in launching further attacks.
Exploiting the cross-site request-forgery may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible.
ZTE ZXDSL 831-II is prone to a cross-site request-forgery vulnerability and an information-disclosure vulnerability.
Attackers can exploit the information-disclosure issue to obtain sensitive information that may aid in launching further attacks.
Exploiting the cross-site request-forgery may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible.
Exploit / POC
ZTE ZXDSL 831-II Modem Information Disclosure and Cross Site Request Forgery Vulnerabilities
Attackers can use a browser to exploit these issues. To exploit the cross-site request-forgery issue, an attacker must entice an unsuspecting victim to open a malicious URI.
Attackers can use a browser to exploit these issues. To exploit the cross-site request-forgery issue, an attacker must entice an unsuspecting victim to open a malicious URI.
Solution / Fix
ZTE ZXDSL 831-II Modem Information Disclosure and Cross Site Request Forgery Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
ZTE ZXDSL 831-II Modem Information Disclosure and Cross Site Request Forgery Vulnerabilities
References:
References:
- ZXDSL 831II Homepage (ZTE Corporation)