CVE-2014-8493 – ZTE ZXHN H108L Authentication Bypass

Posted by Project Zero Labs on Nov 17

About the software
==================

ZTE ZXHN H108L is provided by some large Greek ISPs to their
subscribers.

Vulnerability Details
=====================

CWMP configuration is accessible only through the Administrator account.
CWMP is a protocol widely used by ISPs worldwide for remote provisioning
and troubleshooting their subscribers’ equipment. However editing the
CWMP configuration (more specifically sending the POST request)…

Leave a Reply