Proof-of-concepts rather than advisories, making it a valuable resource for those who need The Exploit Database is a repository for exploits and Lists, as well as other public sources, and present them in a freely-available andĮasy-to-navigate database. The most comprehensive collection of exploits gathered through direct submissions, mailing Non-profit project that is provided as a public service by Offensive Security.Ĭompliant archive of public exploits and corresponding vulnerable software,ĭeveloped for use by penetration testers and vulnerability researchers. That provides various Information Security Certifications as well as high end penetration testing services. The Exploit Database is maintained by Offensive Security, an information security training company ZTE response states that ISP should be contacted First communication attempt to both vendor and ISP Also because the router lacks of CSRF protection, malicious JS code can be deployed in order to exploit the vulnerability through a malicious web page. Exploitation can be performed by LAN users or through the Internet if the router is configured to expose the web interface to WAN. The described vulnerability allows any unauthenticated user to edit the CWMP configuration.
# router will connect back to the ACS server. When a request is made to the following URL, using the specified user/pass combination, However editing the CWMP configuration (more specifically sending the POST request) does not require any user authentication.įirmware Version : ZXHN H108LV4.0.0d_ZRQ_GR4 CWMP is a protocol widely used by ISPs worldwide for remote provisioning and troubleshooting their subscribers' equipment. ZTE ZXHN H108L is provided by some large Greek ISPs to their subscribers.ĬWMP configuration is accessible only through the Administrator account.
0 kommentar(er)
