Original release date: 29 November 2017
CVE ID
CVE-2017-16953
Statement
ZTE ZXDSL 831CII V6.2 is vulnerable to remote root command execution because it lacks authorization control for configuration access.
Because 831CII V6.2 reached end of sale and service in 2011, and its replacement version 831CII V2.0 also reached end of sale and service in March 2015, we strongly recommend that users choose the replacement version H108N V2.5.
Credit
An independent security researcher reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
We would also like to thank Ibad Shah for reporting a similar issue to ZTE PSIRT.
References
https://www.exploit-db.com/exploits/43188/
http://toutiao.secjia.com/zxdsl-831-uca-cve-2017-16953
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1006805
http://support.zte.com.cn/support/news/NewsDetail.aspx?newsId=1006384
Update Records
29 November 2017, initial.
Supporting team contacts
1. ZTE GCSC hotline:
0755-26770800
800-830-1118
400-830-1118
2. Product forum at ZTE Support website.
ZTE PSIRT
If you need to give feedback on or report security vulnerabilities related to ZTE products, or to obtain ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.