CVE-2014-9027
ZTE ZXDSL 831CII - Cross-Site Request Forgery via accesslocal.cmd Parameters
Title source: llmDescription
Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that disable modem lan ports via the (1) enblftp, (2) enblhttp, (3) enblsnmp, (4) enbltelnet, (5) enbltftp, (6) enblicmp, or (7) enblssh parameter to accesslocal.cmd.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/98590
Exploit x_refsource_misc
http://packetstormsecurity.com/files/129041
Scores
EPSS
0.0090
EPSS Percentile
55.5%
Details
CWE
CWE-352
Status
published
Products (1)
zteusa/zxdsl_831cii
Published
Nov 20, 2014
Tracked Since
Feb 18, 2026