Full Disclosure mailing list archives

Multiple Vulnerabilities in ZTE AC 3633R USB Modem

From: vishnu raju <rajuvishnu52 () gmail com>

Date: Tue, 19 May 2015 16:02:03 +0530

Greetings from vishnu (@dH4wk)

1. Vulnerable Product Version

- ZTE AC3633R (MTS Ultra Wifi Modem)

2. Vulnerability Information

(A) Authentication Bypass

Impact: Attacker gains administrative access
Remotely Exploitable: UNKNOWN
Locally Exploitable: YES

(B) Device crash which results in reboot

Impact: Denial of service. The crash may lead to RCE locally, thus attaining root privilege on the device
Remotely Exploitable: UNKNOWN
Locally Exploitable: YES

3. Vulnerability Description

(A) The administrative authentication mechanism of the modem can be bypassed by feeding it a string of 121 characters in length, in either the username or the password field.

(B) A crash causes the modem to restart. This is caused when either the password or the username field is fed an input of 130 characters or above.

[Note: If the username is targeted for exploitation, then the password field shall be fed a minimum of 6 characters (any characters), and vice versa.]

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/