Details of VAR-201411-0115

ID

VAR-201411-0115

CVE

CVE-2014-9021

TITLE

ZTE ZXDSL 831 Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2014-005572

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in ZTE ZXDSL 831 allow remote attackers to inject arbitrary web script or HTML via the (1) tr69cAcsURL, (2) tr69cAcsUser, (3) tr69cAcsPwd, (4) tr69cConnReqPwd, or (5) tr69cDebugEnable parameter to the TR-069 client page (tr69cfg.cgi); the (6) timezone parameter to the Time and date page (sntpcfg.sntp); or the (7) hostname parameter in a save action to the Quick Stats page (psilan.cgi). NOTE: this issue was SPLIT from CVE-2014-9020 per ADT1 due to different affected products and codebases. ZTE ZXDSL 831 Contains a cross-site scripting vulnerability. CVE-2014-9020 It was divided from.By any third party, via the following parameters Web Script or HTML May be inserted. ZXDSL831 is an ADSL modem produced by ZTE Corporation. It is a modem with routing function, which can be called a cat routing machine. ZTE ZXDSL 831 has multiple HTML injection vulnerabilities. An attacker could exploit this vulnerability to steal cookies and obtain sensitive information. ZTE ZXDSL 831 is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. # Exploit Title: ZTE ZXDSL 831 Multiple Cross Site Scripting # Date: 11/3/2014 # Exploit Author: Paulos Yibelo # Vendor Homepage: zte.com.cn # Software Link: - # Version: - # Tested on: Windows 7 # CVE :- TR-069 Client page: Stored

Trust: 2.52

sources: NVD: CVE-2014-9021 // JVNDB: JVNDB-2014-005572 // CNVD: CNVD-2014-08186 // BID: 70985 // PACKETSTORM: 129017

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-08186

AFFECTED PRODUCTS

vendor:	zteusa	model:	zxdsl 831	scope:	eq	version:	-	Trust: 1.6
vendor:	zte	model:	zxdsl 831	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	zxdsl	scope:	eq	version:	831	Trust: 0.6

sources: CNVD: CNVD-2014-08186 // JVNDB: JVNDB-2014-005572 // CNNVD: CNNVD-201411-231 // NVD: CVE-2014-9021

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-9021
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-9021
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-08186
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201411-231
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2014-9021
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-08186
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-08186 // JVNDB: JVNDB-2014-005572 // CNNVD: CNNVD-201411-231 // NVD: CVE-2014-9021

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2014-005572 // NVD: CVE-2014-9021

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201411-231

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 129017 // CNNVD: CNNVD-201411-231

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005572

PATCH

title:

Top Page

url:

http://wwwen.zte.com.cn/en/

Trust: 0.8

sources: JVNDB: JVNDB-2014-005572

EXTERNAL IDS

db:	NVD	id:	CVE-2014-9021	Trust: 3.4
db:	BID	id:	70985	Trust: 2.5
db:	PACKETSTORM	id:	129017	Trust: 1.7
db:	JVNDB	id:	JVNDB-2014-005572	Trust: 0.8
db:	CNVD	id:	CNVD-2014-08186	Trust: 0.6
db:	XF	id:	98565	Trust: 0.6
db:	CNNVD	id:	CNNVD-201411-231	Trust: 0.6

sources: CNVD: CNVD-2014-08186 // BID: 70985 // JVNDB: JVNDB-2014-005572 // PACKETSTORM: 129017 // CNNVD: CNNVD-201411-231 // NVD: CVE-2014-9021

REFERENCES

url:	http://www.securityfocus.com/bid/70985	Trust: 2.2
url:	http://packetstormsecurity.com/files/129017/zte-zxdsl-831-cross-site-scripting.html	Trust: 1.6
url:	http://www.securityfocus.com/archive/1/archive/1/533931/100/0/threaded	Trust: 1.4
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/98565	Trust: 1.0
url:	http://www.securityfocus.com/archive/1/533931/100/0/threaded	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9021	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9021	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/98565	Trust: 0.6
url:	http://192.168.1.1/psilan.cgi?action=save&ethipaddress=192.168.1.1&ethsubnetmask=255.255.255.0&hostname=zxdsl83c1ii&domainname=home%27;alert%280%29;//&enblupnp=1&enbllan2=0	Trust: 0.1
url:	http://192.168.1.1/tr69cfg.cgi?tr69cinformenable=1&tr69cinforminterval=43200&tr69cacsurl=http://acs.site.et:9090/web/tr069&tr69cacsuser=cpe&tr69cacspwd=cpe&tr69cconnrequser=itms&tr69cconnreqpwd=itms%27;alert%280%29;//&tr69cnoneconnreqauth=0&tr69cdebugenable=0%27;alert%280%29;//	Trust: 0.1
url:	http://192.168.1.1/tr69cfg.html	Trust: 0.1
url:	http://192.168.1.1/tr69cfg.cgi?tr69cinformenable=1&tr69cinforminterval=43200&tr69cacsurl=http://acs.site.et:9090/web/tr069&tr69cacsuser=cpe%27;alert%280%29;//&tr69cacspwd=cpe&tr69cconnrequser=itms&tr69cconnreqpwd=itms&tr69cnoneconnreqauth=0&tr69cdebugenable=0	Trust: 0.1
url:	http://192.168.1.1/tr69cfg.cgi?tr69cinformenable=1&tr69cinforminterval=43200&tr69cacsurl=http://acs.etc.et:9090/web/tr069%27;alert%280%29;//&tr69cacsuser=cpe&tr69cacspwd=cpe&tr69cconnrequser=itms&tr69cconnreqpwd=itms&tr69cnoneconnreqauth=0&tr69cdebugenable=0	Trust: 0.1
url:	http://192.168.1.1/tr69cfg.cgi?tr69cinformenable=1&tr69cinforminterval=43200&tr69cacsurl=http://acs.site.et:9090/web/tr069&tr69cacsuser=cpe&tr69cacspwd=cpe%27;alert%280%29;//&tr69cconnrequser=itms&tr69cconnreqpwd=itms&tr69cnoneconnreqauth=0&tr69cdebugenable=0	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-9020	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-9021	Trust: 0.1
url:	http://192.168.1.1/sntpcfg.sntp?ntp_enabled=0&tmyear=2000%27lol&tmmonth=01&tmday=01&tmhour=00&tmminute=30&timezone_offset=+08:00&timezone=beijing,%20chongqing,%20hong%20kong,%20urumqi%22;alert%280%29;//&use_dst=0&enbllightsaving=0	Trust: 0.1

sources: CNVD: CNVD-2014-08186 // JVNDB: JVNDB-2014-005572 // PACKETSTORM: 129017 // CNNVD: CNNVD-201411-231 // NVD: CVE-2014-9021

CREDITS

habte.yibelo

Trust: 0.9

sources: BID: 70985 // CNNVD: CNNVD-201411-231

SOURCES

db:	CNVD	id:	CNVD-2014-08186
db:	BID	id:	70985
db:	JVNDB	id:	JVNDB-2014-005572
db:	PACKETSTORM	id:	129017
db:	CNNVD	id:	CNNVD-201411-231
db:	NVD	id:	CVE-2014-9021

LAST UPDATE DATE

2025-04-13T23:26:47.961000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-08186	date:	2014-11-11T00:00:00
db:	BID	id:	70985	date:	2014-11-25T00:58:00
db:	JVNDB	id:	JVNDB-2014-005572	date:	2014-11-21T00:00:00
db:	CNNVD	id:	CNNVD-201411-231	date:	2014-11-21T00:00:00
db:	NVD	id:	CVE-2014-9021	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-08186	date:	2014-11-11T00:00:00
db:	BID	id:	70985	date:	2014-11-06T00:00:00
db:	JVNDB	id:	JVNDB-2014-005572	date:	2014-11-21T00:00:00
db:	PACKETSTORM	id:	129017	date:	2014-11-07T16:56:04
db:	CNNVD	id:	CNNVD-201411-231	date:	2014-11-15T00:00:00
db:	NVD	id:	CVE-2014-9021	date:	2014-11-20T17:50:10.147