Unauthenticated Remote Configuration Modification in ZTE ZXDSL 831CII Devices

Unauthenticated Remote Configuration Modification in ZTE ZXDSL 831CII Devices

CVE-2017-16953 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request.

Learn more about our Web Application Penetration Testing UK.