CVE-2014-8493
ZTE ZXHN H108L Firmware 4.0.0d_ZRQ_GR4 - Unauthenticated CWMP Configuration Modification
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2014-8493. PoCs published by Project Zero Labs.
AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in ZTE ZXHN H108L routers, allowing unauthenticated users to modify CWMP (TR-069) configuration settings via a POST request. The PoC sends a crafted payload to the router's web interface, enabling an attacker to redirect the device to a malicious ACS server.
Description
ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.
Exploits (2)
This exploit demonstrates an authentication bypass vulnerability in ZTE ZXHN H108L routers, allowing unauthenticated users to modify CWMP (TR-069) configuration settings via a POST request. The PoC sends a crafted payload to the router's web interface, enabling an attacker to redirect the device to a malicious ACS server.
This exploit demonstrates an authentication bypass vulnerability in ZTE ZXHN H108L routers by sending a crafted POST request to the CWMP configuration endpoint without requiring authentication. It allows an attacker to modify CWMP settings, potentially redirecting the router to a malicious ACS server.