CVE-2017-16953
published 2017-12-01CVE-2017-16953: connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up…
PriorityP265high7.5CVSS 3.0
AVNACLPRNUINSUCNIHAN
EXPLOIT
EPSS
11.26%
95.4th percentile
connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request.
Detection & IOCsextracted from sources · hover to see the quote
- →Detect unauthenticated HTTP GET requests to /connoppp.cgi on ZTE ZXDSL 831CII devices, which requires no HTTP Basic Authentication header. ↗
- →Alert on any GET request to /connoppp.cgi originating from outside the local network, as this endpoint allows unauthenticated PPPoE configuration modification. ↗
- ·The proof-of-concept uses the default gateway IP 192.168.1.1; the actual device IP may differ per deployment. Detection rules should match on the path /connoppp.cgi regardless of destination IP. ↗
- ·The vulnerability affects the CGI endpoint specifically; HTML files on the same device are protected by HTTP Basic Authentication, so the absence of an Authorization header on /connoppp.cgi is the key distinguishing factor. ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/145121/ZTE-ZXDSL-831-Unauthorized-Configuration-Access-Bypass.htmlhttp://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008762https://www.exploit-db.com/exploits/43188/http://packetstormsecurity.com/files/145121/ZTE-ZXDSL-831-Unauthorized-Configuration-Access-Bypass.htmlhttp://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008762https://www.exploit-db.com/exploits/43188/
2017-12-01
Published