ZTE F460/F660 Backdoor Unauthorized Access Vulnerability Network Vulnerability

Summary

ZTE F460/F660 are prone to an unauthorized-access vulnerability.

Impact

Attackers can exploit this issue to execute arbitrary commands with administrator level access on the affected device. This may aid in further attacks.

Solution

Ask the Vendor for an update.

Insight

web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests

Detection

Try to execute the 'ifconfig' command with a HTTP GET request and check the response.

References

http://www.securityfocus.com/bid/65962

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-2321
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Avenger's News System Command Execution
Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
Apache Tomcat AJP Protocol Security Bypass Vulnerability
artmedic_links5 File Inclusion Vulnerability
Admin Bot 'news.php' SQL Injection Vulnerability

Take action and discover your vulnerabilities