Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in session_init function. The session -LUA- files are stored in the directory /var/lua_session, the function iterates on all files in this directory and executes them using the function dofile without any validation if it is a valid session file or not. An attacker who is able to write a malicious file in the sessions directory can get RCE as root.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ZTE多款产品 安全漏洞
Vulnerability Description
ZTE ZXHN H168N等都是中国中兴(ZTE)公司的产品。ZTE ZXHN H168N是一款路由器。ZTE ZXHN E500是一款无线路由器。ZTE ZXHN H168A是一款无线路由器。 ZTE多款产品存在安全漏洞,该漏洞源于存在本地文件包含漏洞,攻击者可以利用此漏洞以root身份远程执行代码。以下产品和版本受到影响:ZXHN H168A V2.1版本、ZXHN H168N V3.5版本、ZXHN E500 V1.0版本。
CVSS Information
N/A
Vulnerability Type
N/A