Security bug in ZXDSL 531B

**crashpoint_zero** · 09-29-08, 06:28 PM

If you are using BSNL's ZTE ZXDSL 531B to surf the net this post is for you.

If you have not bothered to change the admin password, LAN IP of your modem, then you don't care enough - safely skip this post as this critical bug will be just another jump of convinience over security for you.

I was fiddling with the tftp implementation of the modem which means I was trying to configure the modem from command line using

telnet modem_ip 23

on my ubuntu box. To my surprise, the user "user" which has limited rights of just uploading a new configuration file could do everything an "admin" could do from the telnet session. I have reported the bug to ZTE. Hopefully, they should upgrade their firmware with the fix.

Those of you guys who changed the admin password but did not do the same with the "user" and "support" password - change it now.

**superprash2003** · 09-29-08, 10:17 PM

good job.. thanks for informing!!

**Admin** · 09-29-08, 10:21 PM

Thanks for sharing the info... this is like leaving one side of the house without fence and hoping that no one would ever notice it.

Reps added.

**superprash2003** · 09-29-08, 10:26 PM

just tried it out with my modem also, same result.."user" can do anything via telnet but is limited when accessed via browser..My modem is ut300r2u.Very interesting.. although luckily i have disabled telnet access from the internet

**manojjonam10** · 09-30-08, 10:36 PM

Thanks for informing and also sharing the content.This is the first time i had got information about telnet operations.

**just4kix** · 10-01-08, 12:02 PM

Excellent pointer. Repo points given.

**crashpoint_zero** · 10-02-08, 12:46 AM

Originally Posted by superprash2003

just tried it out with my modem also, same result.."user" can do anything via telnet but is limited when accessed via browser..My modem is ut300r2u.Very interesting.. although luckily i have disabled telnet access from the internet

I hope you have checked out the modem manufacturer's website on google and reported this bug to him.

Originally Posted by crashpoint_zero

I hope you have checked out the modem manufacturer's website on google and reported this bug to him.

unless it is ZTE, of course. That would make both of us eligible for the prize money. : )

**NoisySilence** · 03-16-10, 09:02 AM

Recently, I was configuring my modem when I came up with this bug.

In order to reboot your modem/router, one does not even need user privileges. Try this yourself

type http://192.168.1.1/rebootinfo.cgi (change IP to your modem IP) and open it.

Your modem will just reboot. No questions asked. So, if you haven't secured your modem, especially wifi, you are exposed to really a big problem.

Thread: Security bug in ZXDSL 531B

LinkBack

Thread Tools

Display

Security bug in ZXDSL 531B

Yet another bug

Thread Information

Users Browsing this Thread

Similar Threads

10 Security Tips when using Cyber Cafes

Acronis Security Solution

Online Security

Posting Permissions