CVE-2019-3422

ZTE Mobile Hotspot MS910S Backdoor / Hardcoded Password

Severity Score

6.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Sec Consult Security Lab reported an information disclosure vulnerability in MF910S product to ZTE PSIRT in October 2019. Through the analysis of related product team, the information disclosure vulnerability is confirmed. The MF910S product's one-click upgrade tool can obtain the Telnet remote login password in the reverse way. If Telnet is opened, the attacker can remotely log in to the device through the cracked password, resulting in information leakage. The MF910S was end of service on October 23, 2019, ZTE recommends users to choose new products for the purpose of better security.

El Laboratorio de seguridad Sec Consult reportó una vulnerabilidad de divulgación de información en el producto MF910S en ZTE PSIRT en octubre de 2019. A través del análisis del equipo de producto relacionado, se confirma la vulnerabilidad de divulgación de información. La herramienta de actualización con una sola acción de clic del producto MF910S puede obtener la contraseña de inicio de sesión remoto de Telnet de forma inversa. Si se abre Telnet, el atacante puede iniciar sesión remotamente en el dispositivo por medio de la contraseña descifrada, resultando en una fuga de información. El MF910S finalizó el servicio el 23 de octubre de 2019, ZTE recomienda a usuarios que elijan nuevos productos con el fin de una mejor seguridad.

ZTE Mobile Hotspot MS910S version DL_MF910S_CN_EUV1.00.01 suffers from having a hard-coded administrative password, busybox vulnerabilities, and having a known backdoor in the GoAhead webserver.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-12-31 CVE Reserved
2019-11-07 CVE Published
2024-08-04 CVE Updated
2024-10-31 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (3)

URL	Tag	Source
http://packetstormsecurity.com/files/158990/ZTE-Mobile-Hotspot-MS910S-Backdoor-Hardcoded-Password.html	X_refsource_misc
http://seclists.org/fulldisclosure/2020/Aug/20	Mailing List

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011722	2020-08-28

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Zte Search vendor "Zte"	Mf910s Firmware Search vendor "Zte" for product "Mf910s Firmware"	-	-	Affected	in	Zte Search vendor "Zte"	Mf910s Search vendor "Zte" for product "Mf910s"	-	-	Safe