First communication attempt to both vendor and ISP

ZTE response states that ISP should be contacted
Firmware Version: ZXHN H108LV4.0.0d_ZRQ_GR4

CWMP is a protocol widely used by ISPs worldwide for remote provisioning and troubleshooting their subscribers' equipment. ZTE ZXHN H108L is provided by some large Greek ISPs to their subscribers.

CWMP configuration is accessible only through the Administrator account. However, editing the CWMP configuration (more specifically, sending the POST request) does not require any user authentication.

The described vulnerability allows any unauthenticated user to edit the CWMP configuration. Exploitation can be performed by LAN users, or through the Internet if the router is configured to expose the web interface to WAN. Also, because the router lacks CSRF protection, malicious JS code can be deployed in order to exploit the vulnerability through a malicious web page.

When a request is made to the following URL, using the specified user/pass combination, the router will connect back to the ACS server.

ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access.

ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations.

Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages. This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1

A ZTE product is impacted by improper access control vulnerability. The attacker could exploit this vulnerability to access CLI by brute force attacks. This affects: ZXHN H168N V3.5.0_TY.T6

A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE.