Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-2321 PoC — ZTE F460/F660 Backdoor 未授权访问漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2014/CVE-2014-2321.yaml
Associated Vulnerability
Title:ZTE F460/F660 Backdoor 未授权访问漏洞 (CVE-2014-2321)
Description:ZTE F460和F660都是中国中兴通讯(ZTE)公司的光纤猫(调制解调器)产品。 ZTE F460和F660光纤调制解调器的web_shell_cmd.gch脚本文件中存在安全漏洞。远程攻击者可通过发送sendcmd请求利用该漏洞获取管理的权限。
Description
ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests to web_shell_cmd.gch, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials.
File Snapshot

 id: CVE-2014-2321

info:
  name: ZTE Cable Modem Web Shell
  author: geeknik
  severity: critical
  

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.