ZTE AC 3633R USB Modem - Multiple Vulnerabilities

EDB-ID:

37199

CVE:


EDB Verified:

Author:

Vishnu

Type:

dos

Exploit:   /  

Platform:

Hardware

Date:

2015-06-04

Vulnerable App: 
# Exploit Title: ZTE AC 3633R USB Modem Multiple Vulnerabilities
# Date: 4/06/2015
# Exploit Author: [Vishnu (@dH3wK)
# Vendor Homepage: [http://zte.com.cn
# Version: 3633R
# Tested on: Windows, Linux


Greetings from vishnu (@dH4wk)

1. Vulnerable Product Version

- ZTE AC3633R (MTS Ultra Wifi Modem)

2. Vulnerability Information

(A) Authentication Bypass
Impact: Attacker gains administrative access
Remotely Exploitable: UNKNOWN
Locally Exploitable: YES

(B) Device crash which results in reboot
Impact: Denial of service, The crash may lead to RCE locally thus
attaining root privilege on the device
Remotely Exploitable: UNKNOWN
Locally Exploitable: YES

3. Vulnerability Description

(A) The administrative authentication mechanism of the modem can be
bypassed by feeding with a string of 121 characters in length, either in
username or password field.

(B) A crash causes the modem to restart. This is caused when either of
the password or username fields are fed with an input of 130 characters
or above.

[Note: If username is targeted for exploitation, then password field shall
be fed with minimum 6 characters (any characters) and vice versa ]
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services