ZTE AC3633R (MTS Ultra Wifi Modem) Multiple Vulnerabilities

Credit: vishnu
Risk: Medium
Local: No
Remote: Yes

Greetings from vishnu (@dH4wk) 1. Vulnerable Product Version - ZTE AC3633R (MTS Ultra Wifi Modem) 2. Vulnerability Information (A) Authentication Bypass Impact: Attacker gains administrative access Remotely Exploitable: UNKNOWN Locally Exploitable: YES (B) Device crash which results in reboot Impact: Denial of service, The crash may lead to RCE locally thus attaining root privilege on the device Remotely Exploitable: UNKNOWN Locally Exploitable: YES 3. Vulnerability Description (A) The administrative authentication mechanism of the modem can be bypassed by feeding with a string of 121 characters in length, either in username or password field. (B) A crash causes the modem to restart. This is caused when either of the password or username fields are fed with an input of 130 characters or above. [Note: If username is targeted for exploitation, then password field shall be fed with minimum 6 characters (any characters) and vice versa ]

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2023, cxsecurity.com


Back to Top