The following advisory describes five (5) vulnerabilities found in ZTE ZXR10 Router.
ZXR10 ZSR V2 series router is “the next generation intelligent access router product of ZTE, which integrates routing, switching, wireless, security, and VPN gateway. The product adopts industry-leading hardware platform and software architecture to provide an intelligent and flexible platform for building efficient, reliable, flexible, and maintainable enterprise intelligence networks.”
The vulnerabilities found are:
- Hard-coded credentials
- Arbitrary file upload
- Authentication bypass
- Arbitrary file read
- Unauthorized configuration file download
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
The vendor has released patches to address these vulnerabilities.
For more details: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10931