ZTE AC3633R (MTS Ultra Wifi Modem) Multiple Vulnerabilities

2015.05.20

Credit: vishnu

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Greetings from vishnu (@dH4wk)
1. Vulnerable Product Version
- ZTE AC3633R (MTS Ultra Wifi Modem)
2. Vulnerability Information
(A) Authentication Bypass
Impact: Attacker gains administrative access
Remotely Exploitable: UNKNOWN
Locally Exploitable: YES
(B) Device crash which results in reboot
Impact: Denial of service, The crash may lead to RCE locally thus
attaining root privilege on the device
Remotely Exploitable: UNKNOWN
Locally Exploitable: YES
3. Vulnerability Description
(A) The administrative authentication mechanism of the modem can be bypassed by feeding with a string of 121 characters in length, either in username or password field.
(B) A crash causes the modem to restart. This is caused when either of the password or username fields are fed with an input of 130 characters
or above.
[Note: If username is targeted for exploitation, then password field shall be fed with minimum 6 characters (any characters) and vice versa ]

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

ZTE AC3633R (MTS Ultra Wifi Modem) Multiple Vulnerabilities

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.