Unauthenticated Remote Configuration Modification in ZTE ZXDSL 831CII Devices
CVE-2017-16953 · MEDIUM Severity
AV:N/AC:L/AU:N/C:N/I:P/A:N
connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request.
Learn more about our Web Application Penetration Testing UK.