I found and reported a vulnerability in a ZTE product and they rated it low, and I don’t think so … now what? – Digitalmunition





This topic contains 1 reply, has 2 voices, and was last updated by  sephstorm 1 month, 2 weeks ago.

  • #368309

    anonymous
    Participant

    I can’t disclose info about it…. so here are a few brief words about it .. due to the lack of authentication verification in some pages, which results in a PPPoE username leak & WiFi password leak (in addition to the ability to modify them) ….. that wouldn’t be a big deal if it wasn’t for the practices of the ISPs they contract with & supply devices to, as one of them that supplies that product to customers tends to have two management accounts in the device: one with user privileges printed on the back of the device and the other with admin privileges with the PPPoE username as password.

    So, as expected, any leak of the PPPoE username, which happens to be something you can’t find anywhere other than the router configuration page … leads to access to an admin account that mostly the users/customers/owners don’t know about.

    And to the surprise, you can find more than 1K of that device remotely accessible on Shodan.

    They know and I have mentioned the ISP stuff … but the Shodan part.

    The device has somewhat good specs, which would make it a decent addition to someone’s botnet.

    So am I overstating & should remove this post and take the bounty and shut the F up, or what?

  • #368310

    sephstorm

    Send it to someone who knows how to get the word out. Or just accept it, your choice.

  • #368311

    n0b0dyc4r35

    If you’re in the US and this is your normal Reddit account, I’d nuke the post now, smile and go on your way. If you’re in another more civilized country and the company is in the US, laugh and nod.
