Summary
ZTE F460/F660 are prone to an unauthorized-access vulnerability.
Impact
Attackers can exploit this issue to execute arbitrary commands with administrator-level access on the affected device. This may aid in further attacks.
Solution
Ask the vendor for an update.
Insight
web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests.
Detection
Try to execute the 'ifconfig' command with an HTTP GET request and check the response.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2014-2321
- CVSS Base Score: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C