Описание
connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:zte:zxdsl_831cii_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxdsl_831cii:-:*:*:*:*:*:*:*
EPSS
Процентиль: 95%
0.18122
Средний
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request.
EPSS
Процентиль: 95%
0.18122
Средний
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-287