PT-2014-8789 · Zte · Zte Zxdsl 831Cii

Published

2014-11-20

Updated

2018-10-09

CVE-2014-9019

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ZTE ZXDSL 831CII (affected versions not specified)

Description The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow remote attackers to hijack the authentication of administrators for requests, including changing the admin user name or conducting cross-site scripting (XSS) attacks via the sysUserName parameter in a save action to "adminpasswd.cgi", or changing the admin user password via the sysPassword parameter in a save action to "adminpasswd.cgi".

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2014-9019

Affected Products

Zte Zxdsl 831Cii

PT-2014-8789 · Zte · Zte Zxdsl 831Cii

CVE-2014-9019

Weakness Enumeration

Related Identifiers

Affected Products

References · 5