![]() ![]() Users can log in to the device and remove the script completely. These cases appear to be a configuration error on the part of either the users or the users' ISPs. ![]() Many of these devices also expose the web_shell_cmd.gch script, making it available to unauthenticated users from the WAN side of the cable modem. Several thousand of these devices are exposed to the Internet, according to a cursory search of the SHODAN Computer Search Engine: which discusses how to remove web_shell_cmd.gch since it allows "any computer on the LAN can use this file to get the superuser password." The existence of this backdoor is apparently already known in some circles. Many ZTE F460/F660 cable modems, preferred by ChinaTelecom and other China-based ISPs, ship with an unauthenticated backdoor. If you know a good security contact at ZTE, please let us know at so that we may get confirmation from the vendor the next time we have something security-related to discuss with their products. As always, our goal with this disclosure is to strengthen the security of the Internet as a whole. ![]() One usual aspect of this vulnerability is that it does not appear to be unique in its discovery, given the URLs cited below. We have had no response from the vendor to our queries for a suitable security contact and PGP key. Per Rapid7's disclosure policy at, we are disclosing a discovered vulnerability regarding SOHO routers from hardware manufacturer ZTE. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |