7.5

CVE-2017-16953

Exploit
connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZteZxdsl 831cii Firmware Version-
   ZteZxdsl 831cii Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 11.26% 0.954
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://packetstormsecurity.com/files/145121/ZTE-ZXDSL-831-Unauthorized-Configuration-Access-Bypass.html
Third Party Advisory
Exploit
VDB Entry
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008762
https://www.exploit-db.com/exploits/43188/
Third Party Advisory
VDB Entry