Improper Access Control and Path Traversal Vulnerabilities in ZXR10 Next-Generation Access Router

Original release date: 10 August 2017

Update date: 25 September 2017

 

CVE IDs

CVE-2017-10930

CVE-2017-10931

 

CVSS 3.0 Base Score

CVE-2017-10930:

9.8 Critical (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVE-2017-10931:

7.5 High (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

 

Affected Product

ZXR10 1800-2S

 

Affected Versions

All versions prior to v3.00.40

 

Description

Improper Access Control:

The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords.

Path Traversal:

The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration.

 

Workaround

The general configuration interface of ZXR10 1800-2S is mainly of CLI command lines while WEB based configuration is a supplementary way. In order to minimize the impact of the security issues, users are suggested to close the WEB Service and use the CLI interface to configure the device.

 

Resolution

Users may upgrade or change to new versions after v3.00.40.

 

Credit

Thanks to Netfairy of Kuangn Network for reporting the security issues to ZTE PSIRT.

 

References

CVE-2015-7250 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7250)

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1006863

 

Update Records

10 August 2017, initial.

25 September 2017, CVE ID assingned.

 

ZTE PSIRT

If you need to feedback or report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.

[Close]