Details of VAR-201712-0388

ID

VAR-201712-0388

CVE

CVE-2017-16953

TITLE

ZTE ZXDSL 831CII Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-010994

DESCRIPTION

connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request. ZTE ZXDSL 831CII The device contains an authentication vulnerability.Information may be tampered with. ZTEZXDSL831CII is an ADSL modem (Modem) product of China ZTE Corporation (ZTE). An unauthorized access vulnerability exists in ZTEZXDSL831CII due to a program that failed to properly restrict access. An attacker could exploit this vulnerability to change the router's PPPoE configuration, causing a denial of service

Trust: 2.25

sources: NVD: CVE-2017-16953 // JVNDB: JVNDB-2017-010994 // CNVD: CNVD-2017-35687 // VULHUB: VHN-107927

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-35687

AFFECTED PRODUCTS

vendor:	zte	model:	zxdsl 831cii	scope:	eq	version:	-	Trust: 1.6
vendor:	zte	model:	zxdsl 831cii	scope:	-	version:	-	Trust: 1.4

sources: CNVD: CNVD-2017-35687 // JVNDB: JVNDB-2017-010994 // CNNVD: CNNVD-201711-1108 // NVD: CVE-2017-16953

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-16953
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-16953
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-35687
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201711-1108
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-107927
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-16953
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-35687
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-107927
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-16953
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-35687 // VULHUB: VHN-107927 // JVNDB: JVNDB-2017-010994 // CNNVD: CNNVD-201711-1108 // NVD: CVE-2017-16953

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-107927 // JVNDB: JVNDB-2017-010994 // NVD: CVE-2017-16953

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-1108

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201711-1108

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010994

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-107927

PATCH

title:	Statement of Vulnerability in ZTE ZXDSL 831CII Unauthorized Configuration Access	url:	http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008762	Trust: 0.8
title:	ZTEZXDSL831CII Unauthorized Access Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/107615	Trust: 0.6

sources: CNVD: CNVD-2017-35687 // JVNDB: JVNDB-2017-010994

EXTERNAL IDS

db:	NVD	id:	CVE-2017-16953	Trust: 3.1
db:	EXPLOIT-DB	id:	43188	Trust: 2.3
db:	PACKETSTORM	id:	145121	Trust: 1.7
db:	ZTE	id:	1008762	Trust: 1.1
db:	JVNDB	id:	JVNDB-2017-010994	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-1108	Trust: 0.7
db:	ZTE	id:	1008763	Trust: 0.6
db:	EXPLOITDB	id:	43188	Trust: 0.6
db:	CNVD	id:	CNVD-2017-35687	Trust: 0.6
db:	VULHUB	id:	VHN-107927	Trust: 0.1

sources: CNVD: CNVD-2017-35687 // VULHUB: VHN-107927 // JVNDB: JVNDB-2017-010994 // CNNVD: CNNVD-201711-1108 // NVD: CVE-2017-16953

REFERENCES

url:	https://www.exploit-db.com/exploits/43188/	Trust: 2.3
url:	http://packetstormsecurity.com/files/145121/zte-zxdsl-831-unauthorized-configuration-access-bypass.html	Trust: 1.7
url:	http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1008762	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16953	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-16953	Trust: 0.8
url:	http://seclists.org/fulldisclosure/2017/nov/47	Trust: 0.6
url:	http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1008763	Trust: 0.6

sources: CNVD: CNVD-2017-35687 // VULHUB: VHN-107927 // JVNDB: JVNDB-2017-010994 // CNNVD: CNNVD-201711-1108 // NVD: CVE-2017-16953

SOURCES

db:	CNVD	id:	CNVD-2017-35687
db:	VULHUB	id:	VHN-107927
db:	JVNDB	id:	JVNDB-2017-010994
db:	CNNVD	id:	CNNVD-201711-1108
db:	NVD	id:	CVE-2017-16953

LAST UPDATE DATE

2024-11-23T22:59:08.428000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-35687	date:	2017-12-04T00:00:00
db:	VULHUB	id:	VHN-107927	date:	2017-12-28T00:00:00
db:	JVNDB	id:	JVNDB-2017-010994	date:	2017-12-28T00:00:00
db:	CNNVD	id:	CNNVD-201711-1108	date:	2017-12-04T00:00:00
db:	NVD	id:	CVE-2017-16953	date:	2024-11-21T03:17:18.830

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-35687	date:	2017-11-30T00:00:00
db:	VULHUB	id:	VHN-107927	date:	2017-12-01T00:00:00
db:	JVNDB	id:	JVNDB-2017-010994	date:	2017-12-28T00:00:00
db:	CNNVD	id:	CNNVD-201711-1108	date:	2017-11-28T00:00:00
db:	NVD	id:	CVE-2017-16953	date:	2017-12-01T17:29:00.620