CVE-2014-9027 – ZXDSL 831CII Cross Site Request Forgery

https://notcve.org/view.php?id=CVE-2014-9027

Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that disable modem lan ports via the (1) enblftp, (2) enblhttp, (3) enblsnmp, (4) enbltelnet, (5) enbltftp, (6) enblicmp, or (7) enblssh parameter to accesslocal.cmd. Múltiples vulnerabilidades de CSRF en ZTE ZXDSL 831CII permiten a atacantes remotos secuestrar la autenticación de los administradores mediante peticiones que inhabilitan los puertos del módem LAN en los parámetros (1) enblftp, (2) enblhttp, (3) enblsnmp, (4) enbltelnet, (5) enbltftp, (6) enblicmp, o (7) enblssh en accesslocal.cmd. ZXDSL 831CII suffers from a cross site request forgery vulnerability. • http://packetstormsecurity.com/files/129041 https://exchange.xforce.ibmcloud.com/vulnerabilities/98590 • CWE-352: Cross-Site Request Forgery (CSRF) •