CSRF Vulnerability in ZTE ZXDSL Broadband Router
CVE-2012-4746

Currently unrated

Key Information:

Vendor: Zte
Status: Zxdsl
Vendor: CVE Published:; 31 August 2012

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2012-4746?

A cross-site request forgery (CSRF) vulnerability exists in the accessaccount.cgi file of ZTE ZXDSL 831IIV7.5.0a_Z29_OV. This flaw enables remote adversaries to hijack administrative authentication. Exploitation of this vulnerability allows attackers to modify the administrator password by sending unauthorized requests containing the sysPassword parameter, potentially compromising the security of the device’s management interface. Proper safeguards should be implemented to mitigate this risk.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2012-4746 - Proof of Concept

References

http://www.exploit-db.com/exploits/18722

exploitx_refsource_EXPLOIT-DB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
🟡
Public PoC available
Aug 31, 2012
👾
Exploit known to exist
Aug 31, 2012
Vulnerability published
Aug 31, 2012

CVE-2012-4746 Data

JSON

Zte

Badges

What is CVE-2012-4746?

Exploit Proof of Concept (PoC)

References

Timeline