CVE-2014-8493 Information

Description

ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.

Reference

http://packetstormsecurity.com/files/129139/ZTE-ZXHN-H108L-Access-Bypass.html http://seclists.org/fulldisclosure/2014/Nov/46 http://www.exploit-db.com/exploits/35272 http://www.exploit-db.com/exploits/35276 https://exchange.xforce.ibmcloud.com/vulnerabilities/98733 https://projectzero.gr/en/2014/11/zte-zxhn-h108l-authentication-bypass/