Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin user name or (2) conduct cross-site scripting (XSS) attacks via the sysUserName parameter in a save action to adminpasswd.cgi or (3) change the admin user password via the sysPassword parameter in a save action to adminpasswd.cgi.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ZTE 831CII 跨站请求伪造漏洞
Vulnerability Description
ZTE ZXDSL 831CII是中国中兴通讯(ZTE)公司的一款ADSL调制解调器(Modem)产品。 ZTE ZXDSL 831CII中存在跨站请求伪造漏洞,该漏洞源于程序执行save操作时,adminpasswd.cgi文件没有充分过滤‘sysUserName’和‘sysPassword ’参数。远程攻击者可利用该漏洞更改管理员用户名和密码,实施跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A