Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in check_data_integrity function. This function is responsible for validating the checksum of data in post request. The checksum is sent encrypted in the request, the function decrypts it and stores the checksum on the stack without validating it. An unauthenticated attacker can get RCE as root by exploiting this vulnerability.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ZTE多款产品 安全漏洞
Vulnerability Description
ZTE ZXHN H168N等都是中国中兴(ZTE)公司的产品。ZTE ZXHN H168N是一款路由器。ZTE ZXHN E500是一款无线路由器。ZTE ZXHN H168A是一款无线路由器。 ZTE多款产品存在安全漏洞,该漏洞源于存在基于堆栈的缓冲区溢出漏洞,未经身份验证的攻击者可以利用此漏洞以root身份远程执行代码。以下产品和版本受到影响:ZXHN H168A V2.1版本、ZXHN H168N V3.5版本、ZXHN E500 V1.0版本。
CVSS Information
N/A
Vulnerability Type
N/A