cbcvebase.
CVE-2017-16953
published 2017-12-01

CVE-2017-16953: connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up…

PriorityP265high7.5CVSS 3.0
AVNACLPRNUINSUCNIHAN
EXPLOIT
EPSS
11.26%
95.4th percentile
connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request.

Detection & IOCsextracted from sources · hover to see the quote

urlhttp://192.168.1.1/connoppp.cgi
path/connoppp.cgi
  • Detect unauthenticated HTTP GET requests to /connoppp.cgi on ZTE ZXDSL 831CII devices, which requires no HTTP Basic Authentication header.
  • Alert on any GET request to /connoppp.cgi originating from outside the local network, as this endpoint allows unauthenticated PPPoE configuration modification.
  • ·The proof-of-concept uses the default gateway IP 192.168.1.1; the actual device IP may differ per deployment. Detection rules should match on the path /connoppp.cgi regardless of destination IP.
  • ·The vulnerability affects the CGI endpoint specifically; HTML files on the same device are protected by HTTP Basic Authentication, so the absence of an Authorization header on /connoppp.cgi is the key distinguishing factor.

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.