CVE-2012-4746

ZTE ZXDSL 831IIV7.5.0a_Z29_OV - CSRF

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-4746. PoCs published by Nuevo Asesino, mehdi boukazoula.

AI-analyzed exploit summary This exploit leverages a CSRF vulnerability in ZTE ZXDSL 831II routers to change the admin password to '123456' without authentication. The HTML form auto-submits upon page load, triggering the password change.

Description

Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.

Exploits (2)

exploitdb WORKING POC
by Nuevo Asesino · textwebappscgi
https://www.exploit-db.com/exploits/18722

This exploit leverages a CSRF vulnerability in ZTE ZXDSL 831II routers to change the admin password to '123456' without authentication. The HTML form auto-submits upon page load, triggering the password change.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: ZTE ZXDSL 831IIV7.5.0a_Z29_OV
No auth needed
Prerequisites: Victim must visit the malicious HTML page · Target router must be accessible and vulnerable
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by mehdi boukazoula · textwebappshardware
https://www.exploit-db.com/exploits/18061

This exploit demonstrates an authentication bypass and CSRF vulnerability in ZTE ZXDSL 831IIV7.5.0a_Z29_OV routers. It allows unauthenticated access to user and admin accounts via crafted URLs and reveals default credentials in the source code of 'accessaccount.cgi'.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: ZTE ZXDSL 831IIV7.5.0a_Z29_OV
No auth needed
Prerequisites: Network access to the router's web interface · Knowledge of the router's IP address
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18722

Scores

EPSS 0.0109
EPSS Percentile 61.2%

Details

CWE
CWE-352
Status published
Products (1)
zte/zxdsl 831iiv7.5.0a_z29_ov
Published Aug 31, 2012
Tracked Since Feb 18, 2026