PT-2014-8789 · Zte · Zte Zxdsl 831Cii
Publicado
2014-11-20
·
Atualizado
2018-10-09
·
CVE-2014-9019
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
ZTE ZXDSL 831CII (affected versions not specified)
Description
The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow remote attackers to hijack the authentication of administrators for requests, including changing the admin user name or conducting cross-site scripting (XSS) attacks via the
sysUserName parameter in a save action to "adminpasswd.cgi", or changing the admin user password via the sysPassword parameter in a save action to "adminpasswd.cgi".Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Zte Zxdsl 831Cii