CVE-2014-2321

EXPLOITED NUCLEI

ZTE F460 and F660 - Unauthenticated Remote Command Execution via web_shell_cmd.gch

Title source: llm

Exploitation Summary

CVE-2014-2321 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including injectionmethod. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository contains a Go-based exploit for CVE-2014-2321, targeting ZTE routers via command injection in the web_shell_cmd.gch endpoint. It includes payloads to download and execute a malicious binary. Additional scripts automate the setup of scanning tools like ZMap.

Description

web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials.

Exploits (3)

nomisec WORKING POC 3 stars

by injectionmethod · poc

https://github.com/injectionmethod/ZTE-Vuln-4-Skids

View Code ZIP pw:eip

The repository contains a Go-based exploit for CVE-2014-2321, targeting ZTE routers via command injection in the web_shell_cmd.gch endpoint. It includes payloads to download and execute a malicious binary. Additional scripts automate the setup of scanning tools like ZMap.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: ZTE routers (specific version not specified)

No auth needed

Prerequisites: Network access to vulnerable ZTE router · Ability to send HTTP POST requests to the target

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WRITEUP

by injectionmethod · poc

https://github.com/injectionmethod/Windows-ZTE-Loader

View Code ZIP pw:eip

This repository contains a README describing a method to exploit CVE-2014-2321 using ZMap or BigEar for scanning, but no actual exploit code is provided. The description suggests piping scan output into a ZTE application for exploitation.

Classification

Writeup 30%

Attack Type

Other

Complexity

Theoretical

Reliability

Theoretical

Target: ZTE Loader (version unspecified)

No auth needed

Prerequisites: ZMap or BigEar for scanning · Piping scan output into the ZTE application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

vulncheck_xdb WORKING POC

remote

https://github.com/threat9/routersploit

View Code ZIP pw:eip

This repository contains the RouterSploit framework, an open-source exploitation framework for embedded devices. It includes modules for exploits, credential testing, scanners, payloads, and generic attacks, with a focus on embedded systems like routers and cameras.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: Embedded devices (routers, cameras, etc.)

No auth needed

Prerequisites: Python 3.6+ · requests · paramiko · pysnmp · pycrypto

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 25, 2026 Full analysis →

Nuclei Templates (1)

ZTE Cable Modem Web Shell

CRITICALby geeknik

Shodan: cpe:"cpe:2.3:h:zte:f460"

References (3)

Core 3

Core References

Various Sources x_refsource_misc

http://www.myxzy.com/post-411.html

Exploit x_refsource_misc

https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/600724

Scores

EPSS 0.9201

EPSS Percentile 99.7%

Details

VulnCheck KEV 2021-08-19

CWE

CWE-264

Status published

Products (2)

zte/f460

zte/f660

Published Mar 11, 2014

Tracked Since Feb 18, 2026