Cross-Site Request Forgery Vulnerabilities in ZTE ZXDSL 831CII
CVE-2014-9019

Currently unrated

Key Information:

Vendor: Zte
Status: Zxdsl
Vendor: CVE Published:; 20 November 2014

What is CVE-2014-9019?

The ZTE ZXDSL 831CII device is susceptible to multiple cross-site request forgery (CSRF) vulnerabilities that could allow remote attackers to manipulate the device configurations. Exploitation of these vulnerabilities could enable attackers to hijack the authentication of administrators, leading to unauthorized changes in the admin username, execution of cross-site scripting (XSS) attacks, or alterations to admin passwords through specific parameters in the adminpasswd.cgi save action. This could result in significant security risks, exposing sensitive administrator privileges and compromising device integrity.

References

http://www.securityfocus.com/archive/1/533930/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://packetstormsecurity.com/files/129016/ZTE-831CII-Ha...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/98585

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2014
Vulnerability Reserved
Nov 20, 2014

Zte

What is CVE-2014-9019?

References

Timeline