Zte · Zte Zxdsl 831 · CVE-2012-4746
**Name of the Vulnerable Software and Affected Versions**
ZTE ZXDSL 831IIV7.5.0a Z29 OV
**Description**
A cross-site request forgery issue allows remote attackers to hijack administrator authentication for requests that change the administrator password via the `sysPassword` parameter in the "accessaccount.cgi" endpoint.
**Recommendations**
For ZTE ZXDSL 831IIV7.5.0a Z29 OV, as a temporary workaround, consider restricting access to the "accessaccount.cgi" endpoint to minimize the risk of exploitation. Avoid using the `sysPassword` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.