India Broadband Forum


Security bug in ZXDSL 531B

This is a discussion on Security bug in ZXDSL 531B within the BSNL broadband forums, part of the Broadband Internet Service Providers category; If you are using BSNL's ZTE ZXDSL 531B to surf the net this post is for you. If you have ...

Go Back   India Broadband Forum > Indian Broadband Forums > Broadband Internet Service Providers > BSNL broadband

India Broadband Forum


BSNL broadband Bsnl broadband internet connection and modems, routers and other bsnl dataone related issues can be discussed here.

                      

Reply

 

LinkBack Thread Tools Display Modes
Old 09-29-08, 06:28 PM   #1
Junior Member
 
Join Date: Sep 2008
Posts: 5
Rep Power: 2
crashpoint_zero is on a distinguished road
Default Security bug in ZXDSL 531B

If you are using BSNL's ZTE ZXDSL 531B to surf the net this post is for you.

If you have not bothered to change the admin password, LAN IP of your modem, then you don't care enough - safely skip this post as this critical bug will be just another jump of convinience over security for you.

I was fiddling with the tftp implementation of the modem which means I was trying to configure the modem from command line using

telnet modem_ip 23

on my ubuntu box. To my surprise, the user "user" which has limited rights of just uploading a new configuration file could do everything an "admin" could do from the telnet session. I have reported the bug to ZTE. Hopefully, they should upgrade their firmware with the fix.

Those of you guys who changed the admin password but did not do the same with the "user" and "support" password - change it now.
crashpoint_zero is offline   Reply With Quote
Old 09-29-08, 10:17 PM   #2
Platinum Member
 
Join Date: Feb 2008
Posts: 2,692
Rep Power: 5
superprash2003 will become famous soon enoughsuperprash2003 will become famous soon enough
Default

good job.. thanks for informing!!
superprash2003 is offline   Reply With Quote
Old 09-29-08, 10:21 PM   #3
 
Admin's Avatar
 
Join Date: Jan 2006
Location: New Delhi
Age: 32
Posts: 4,700
Rep Power: 12
Admin is just really niceAdmin is just really niceAdmin is just really niceAdmin is just really niceAdmin is just really nice
Default

Thanks for sharing the info... this is like leaving one side of the house without fence and hoping that no one would ever notice it.

Reps added.
Admin is offline   Reply With Quote
Old 09-29-08, 10:26 PM   #4
Platinum Member
 
Join Date: Feb 2008
Posts: 2,692
Rep Power: 5
superprash2003 will become famous soon enoughsuperprash2003 will become famous soon enough
Default

just tried it out with my modem also, same result.."user" can do anything via telnet but is limited when accessed via browser..My modem is ut300r2u.Very interesting.. although luckily i have disabled telnet access from the internet
superprash2003 is offline   Reply With Quote
Old 09-30-08, 10:36 PM   #5
Bronze Member
 
Join Date: Sep 2008
Posts: 140
Rep Power: 2
manojjonam10 is on a distinguished road
Default

Thanks for informing and also sharing the content.This is the first time i had got information about telnet operations.
manojjonam10 is offline   Reply With Quote
Old 10-01-08, 12:02 PM   #6
Platinum Member
 
just4kix's Avatar
 
Join Date: Dec 2007
Location: Pune
Posts: 8,899
Blog Entries: 6
Rep Power: 19
just4kix is a splendid one to beholdjust4kix is a splendid one to beholdjust4kix is a splendid one to beholdjust4kix is a splendid one to beholdjust4kix is a splendid one to beholdjust4kix is a splendid one to beholdjust4kix is a splendid one to beholdjust4kix is a splendid one to behold
Default

Excellent pointer. Repo points given.
just4kix is offline   Reply With Quote
Old 10-02-08, 12:46 AM   #7
Junior Member
 
Join Date: Sep 2008
Posts: 5
Rep Power: 2
crashpoint_zero is on a distinguished road
Default

Quote:
Originally Posted by superprash2003 View Post
just tried it out with my modem also, same result.."user" can do anything via telnet but is limited when accessed via browser..My modem is ut300r2u.Very interesting.. although luckily i have disabled telnet access from the internet
I hope you have checked out the modem manufacturer's website on google and reported this bug to him.

Quote:
Originally Posted by crashpoint_zero View Post
I hope you have checked out the modem manufacturer's website on google and reported this bug to him.
unless it is ZTE, of course. That would make both of us eligible for the prize money. : )

Last edited by crashpoint_zero; 10-02-08 at 12:46 AM. Reason: Automerged Doublepost
crashpoint_zero is offline   Reply With Quote
Reply

Tags
531b, bug, security, zxdsl

Thread Tools
Display Modes

Posting Rules
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads

Thread Thread Starter Forum Replies Last Post
help regardin zte zxdsl 531b sitar BSNL broadband 4 12-31-08 05:36 PM
ZTE zxdsl 531B wireless problem ykeen BSNL broadband 1 09-17-08 09:17 AM
reg ZXDSL 531B dell1900 BSNL broadband 0 09-01-08 12:29 PM
protection for internet in the zte zxdsl 531b chotusikar BSNL broadband 2 07-18-08 06:31 PM
ZXDSL 531B - Configuration haritngandhi BSNL broadband 5 04-02-08 01:40 PM


All times are GMT +5.5. The time now is 11:45 PM.


India Broadband Forum