CVE-2014-9027

Name of the Vulnerable Software and Affected Versions ZTE ZXDSL 831CII (affected versions not specified)

Description The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow remote attackers to hijack the authentication of administrators for specific requests. The requests in question are related to disabling modem LAN ports. The vulnerable parameters involved are enblftp, enblhttp, enblsnmp, enbltelnet, enbltftp, enblicmp, and enblssh, which are used in the accesslocal.cmd endpoint.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.