Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule configuration interface. The WEB service backend fails to effectively verify the abnormal input. As a result, the attacker can successfully use the vulnerability to tamper parameter values. This affects: ZXHN Z500 V1.0.0.2B1.1000 and ZXHN F670L V1.1.10P1N2E. This is fixed in ZXHN Z500 V1.0.1.1B1.1000 and ZXHN F670L V1.1.10P2N2.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ZTE ZXHN F670和ZTE ZXHN H108N 输入验证错误漏洞
Vulnerability Description
ZTE ZXHN F670和ZTE ZXHN H108N都是中国中兴通讯(ZTE)公司的一款调制解调器。 部分中兴设备存在输入验证错误漏洞,该漏洞源于这些设备支持通过web管理页面配置静态前缀。通过构造POST请求消息并将请求发送到静态路由规则配置接口的创建中,可以绕过前端代码的限制。WEB服务后端无法有效地验证异常输入。攻击者可利用该漏洞可以成功利用该漏洞篡改参数值。以下产品及版本受到影响:ZXHN Z500 V1.0.0.2B1.1000,ZXHN F670L V1.1.10P1N2E, ZXHN Z
CVSS Information
N/A
Vulnerability Type
N/A