ID
VAR-201208-0320
CVE
CVE-2012-4746
TITLE
ZTE ZXDSL Cross-Site Request Forgery Vulnerability
Trust: 1.2
sources:
CNVD: CNVD-2012-4649 //
CNNVD: CNNVD-201208-724
DESCRIPTION
Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter. ZTE ZXDSL is an ADSL device. ZTE ZXDSL accessaccount.cgi has a cross-site request forgery vulnerability
Trust: 2.25
sources:
NVD: CVE-2012-4746 //
JVNDB: JVNDB-2012-004066 //
CNVD: CNVD-2012-4649 //
VULHUB: VHN-58027
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2012-4649
AFFECTED PRODUCTS
| vendor: | zte | model: | zxdsl | scope: | eq | version: | 831iiv7.5.0a_z29_ov | Trust: 2.4 |
| vendor: | zte | model: | zxdsl 831iiv7.5.0a z29 ov | scope: | - | version: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2012-4649 //
JVNDB: JVNDB-2012-004066 //
CNNVD: CNNVD-201208-724 //
NVD: CVE-2012-4746
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
VULHUB: VHN-58027 //
JVNDB: JVNDB-2012-004066 //
CNNVD: CNNVD-201208-724 //
NVD: CVE-2012-4746
PROBLEMTYPE DATA
| problemtype: | CWE-352 | Trust: 1.9 |
sources:
VULHUB: VHN-58027 //
JVNDB: JVNDB-2012-004066 //
NVD: CVE-2012-4746
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201208-724
TYPE
cross-site request forgery
Trust: 0.6
sources:
CNNVD: CNNVD-201208-724
CONFIGURATIONS
sources:
JVNDB: JVNDB-2012-004066
EXPLOIT AVAILABILITY
sources:
VULHUB: VHN-58027
PATCH
| title: | ZXDSL 831II | url: | http://wwwen.zte.com.cn/en/products/access/cpe/201111/t20111110_262352.html | Trust: 0.8 |
sources:
JVNDB: JVNDB-2012-004066
EXTERNAL IDS
| db: | NVD | id: | CVE-2012-4746 | Trust: 3.1 |
| db: | EXPLOIT-DB | id: | 18722 | Trust: 2.3 |
| db: | JVNDB | id: | JVNDB-2012-004066 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201208-724 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2012-4649 | Trust: 0.6 |
| db: | SEEBUG | id: | SSVID-72288 | Trust: 0.1 |
| db: | SEEBUG | id: | SSVID-72770 | Trust: 0.1 |
| db: | EXPLOIT-DB | id: | 18061 | Trust: 0.1 |
| db: | VULHUB | id: | VHN-58027 | Trust: 0.1 |
sources:
CNVD: CNVD-2012-4649 //
VULHUB: VHN-58027 //
JVNDB: JVNDB-2012-004066 //
CNNVD: CNNVD-201208-724 //
NVD: CVE-2012-4746
REFERENCES
| url: | http://www.exploit-db.com/exploits/18722 | Trust: 1.7 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4746 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4746 | Trust: 0.8 |
| url: | http://www.exploit-db.com/exploits/18722/ | Trust: 0.6 |
sources:
CNVD: CNVD-2012-4649 //
VULHUB: VHN-58027 //
JVNDB: JVNDB-2012-004066 //
CNNVD: CNNVD-201208-724 //
NVD: CVE-2012-4746
SOURCES
| db: | CNVD | id: | CNVD-2012-4649 |
| db: | VULHUB | id: | VHN-58027 |
| db: | JVNDB | id: | JVNDB-2012-004066 |
| db: | CNNVD | id: | CNNVD-201208-724 |
| db: | NVD | id: | CVE-2012-4746 |
LAST UPDATE DATE
2025-04-11T22:56:13.917000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2012-4649 | date: | 2012-09-04T00:00:00 |
| db: | VULHUB | id: | VHN-58027 | date: | 2012-09-03T00:00:00 |
| db: | JVNDB | id: | JVNDB-2012-004066 | date: | 2012-09-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-201208-724 | date: | 2012-09-04T00:00:00 |
| db: | NVD | id: | CVE-2012-4746 | date: | 2025-04-11T00:51:21.963 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2012-4649 | date: | 2012-09-04T00:00:00 |
| db: | VULHUB | id: | VHN-58027 | date: | 2012-08-31T00:00:00 |
| db: | JVNDB | id: | JVNDB-2012-004066 | date: | 2012-09-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-201208-724 | date: | 2012-08-31T00:00:00 |
| db: | NVD | id: | CVE-2012-4746 | date: | 2012-08-31T22:55:02.060 |