EIP-2026-102138

PRE-CVE

ZTE ZXDSL 831CII - Insecure Direct Object Reference

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102138. PoCs published by Paulos Yibelo.

AI-analyzed exploit summary The exploit demonstrates an insecure direct object reference vulnerability in ZTE ZXDSL 831CII modems, allowing authentication bypass by accessing CGI files directly without HTTP Basic authentication. This grants unauthorized access to sensitive functions like password changes and configuration uploads.

Description

ZTE ZXDSL 831CII - Insecure Direct Object Reference

Exploits (1)

exploitdb WORKING POC

by Paulos Yibelo · textwebappshardware

https://www.exploit-db.com/exploits/35203

View Code ZIP pw:eip

The exploit demonstrates an insecure direct object reference vulnerability in ZTE ZXDSL 831CII modems, allowing authentication bypass by accessing CGI files directly without HTTP Basic authentication. This grants unauthorized access to sensitive functions like password changes and configuration uploads.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: ZTE ZXDSL 831CII

No auth needed

Prerequisites: Network access to the modem's web interface

MITRE ATT&CK

T1189 - Drive-by Compromise T1078 - Valid Accounts

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026