Posted by Project Zero Labs on Nov 17
About the software
==================
ZTE ZXHN H108L is provided by some large Greek ISPs to their
subscribers.
Vulnerability Details
=====================
CWMP configuration is accessible only through the Administrator account.
CWMP is a protocol widely used by ISPs worldwide for remote provisioning
and troubleshooting their subscribers’ equipment. However editing the
CWMP configuration (more specifically sending the POST request)…