CVE-2014-9184 Information

Description

ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi (2) adminpasswd.cgi (3) userpasswd.cgi (4) upload.cgi (5) conprocess.cgi or (6) connect.cgi.

Reference

http://packetstormsecurity.com/files/129015/ZTE-ZXDSL-831CII-Insecure-Direct-Object-Reference.html