CVE-2014-9183 – ZTE 831CII Hardcoded Credential / XSS / CSRF
https://notcve.org/view.php?id=CVE-2014-9183
ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges. ZTE ZXDSL 831CII tiene una contraseña de administración por defecto para la cuenta de administración, lo que permite a atacantes remotos ganar privilegios de administrador. ZTE 831CII suffers from cross site request forgery, hardcoded administrative credential, and cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/129016/ZTE-831CII-Hardcoded-Credential-XSS-CSRF.html • CWE-255: Credentials Management Errors •
CVE-2014-9019 – ZTE 831CII Hardcoded Credential / XSS / CSRF
https://notcve.org/view.php?id=CVE-2014-9019
Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin user name or (2) conduct cross-site scripting (XSS) attacks via the sysUserName parameter in a save action to adminpasswd.cgi or (3) change the admin user password via the sysPassword parameter in a save action to adminpasswd.cgi. Múltiples vulnerabilidades de CSRF en ZTE ZXDSL 831CII permiten a atacantes remotos secuestrar la autenticación de los administradores para solicitudes que (1) cambian el nombre del usuario administrador o (2) realizan ataques XSS a través del parámetro sysUserName en una acción save (guardar) en adminpasswd.cgi o (3) cambian la contraseña del usuario de administración a través del parámetro sysPassword en una acción save (guardar) en adminpasswd.cgi. ZTE 831CII suffers from cross site request forgery, hardcoded administrative credential, and cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/129016/ZTE-831CII-Hardcoded-Credential-XSS-CSRF.html http://www.securityfocus.com/archive/1/533930/100/0/threaded http://www.securityfocus.com/bid/70984 https://exchange.xforce.ibmcloud.com/vulnerabilities/98585 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2014-9184 – ZTE ZXDSL 831CII Insecure Direct Object Reference
https://notcve.org/view.php?id=CVE-2014-9184
ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi. ZTE ZXDSL 831CII permite a atacantes remotos evadir la autenticación a través de una solicitud directa a (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, o (6) connect.cgi. ZTE ZXDSL 831CII suffers from an insecure direct object reference vulnerability that allows for authentication bypass. • http://packetstormsecurity.com/files/129015/ZTE-ZXDSL-831CII-Insecure-Direct-Object-Reference.html • CWE-287: Improper Authentication •