CVE-2014-9027

ZTE ZXDSL 831CII - Cross-Site Request Forgery via accesslocal.cmd Parameters

Title source: llm
STIX 2.1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that disable modem lan ports via the (1) enblftp, (2) enblhttp, (3) enblsnmp, (4) enbltelnet, (5) enbltftp, (6) enblicmp, or (7) enblssh parameter to accesslocal.cmd.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/98590

Scores

EPSS 0.0090
EPSS Percentile 55.5%

Details

CWE
CWE-352
Status published
Products (1)
zteusa/zxdsl_831cii
Published Nov 20, 2014
Tracked Since Feb 18, 2026