CVE-2014-2321

EXPLOITED NUCLEI

ZTE F460/F660 - RCE

Title source: llm

Description

web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials.

Exploits (3)

nomisec WORKING POC 3 stars

by injectionmethod · poc

https://github.com/injectionmethod/ZTE-Vuln-4-Skids

View Code ZIP pw:eip

nomisec WRITEUP

by injectionmethod · poc

https://github.com/injectionmethod/Windows-ZTE-Loader

View Code ZIP pw:eip

vulncheck_xdb WORKING POC

remote

https://github.com/threat9/routersploit

View Code ZIP pw:eip

Nuclei Templates (1)

ZTE Cable Modem Web Shell

CRITICALby geeknik

Shodan: cpe:"cpe:2.3:h:zte:f460"

References (3)

[US Government Resource] http://www.kb.cert.org/vuls/id/600724

[Various Sources] http://www.myxzy.com/post-411.html

[Exploit] https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor

Scores

EPSS 0.9201

EPSS Percentile 99.7%

Details

VulnCheck KEV 2021-08-19

CWE

CWE-264

Status published

Products (2)

zte/f460

zte/f660

Published Mar 11, 2014

Tracked Since Feb 18, 2026