SSD Advisory – ZTE ZXR10 Router Multiple Vulnerabilities

Vulnerabilities summary
The following advisory describes five (5) vulnerabilities found in ZTE ZXR10 Router.

ZXR10 ZSR V2 series router is “the next generation intelligent access router product of ZTE, which integrates routing, switching, wireless, security, and VPN gateway. The product adopts industry-leading hardware platform and software architecture to provide an intelligent and flexible platform for building efficient, reliable, flexible, and maintainable enterprise intelligence networks.”

The vulnerabilities found are:

  • Hard-coded credentials
  • Arbitrary file upload
  • Authentication bypass
  • Arbitrary file read
  • Unauthorized configuration file download

An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
The vendor has released patches to address these vulnerabilities.

For more details:

CVE: CVE-2017-10931

Continue reading SSD Advisory – ZTE ZXR10 Router Multiple Vulnerabilities