CVE-2017-16953 – ZTE ZXDSL 831CII - Improper Access Restrictions

https://notcve.org/view.php?id=CVE-2017-16953

connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request. connoppp.cgi en dispositivos ZTE ZXDSL 831CII no requiere autenticación básica HTTP, lo que permite que los atacantes remotos modifiquen la configuración PPPoE o realicen una configuración maliciosa mediante una petición GET. ZTE ZXDSL 831 suffers from an insecure direct object reference vulnerability. • https://www.exploit-db.com/exploits/43188 http://packetstormsecurity.com/files/145121/ZTE-ZXDSL-831-Unauthorized-Configuration-Access-Bypass.html http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008762 • CWE-287: Improper Authentication •