.. / CVE-2014-2321

Exploit for ZTE Cable Modem Web Shell (CVE-2014-2321)

Description:

ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests to web_shell_cmd.gch, as demonstrated by using “set TelnetCfg” commands to enable a TELNET service with specified credentials.

Nuclei Template

View the template here CVE-2014-2321.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2014/CVE-2014-2321.yaml

References:

https://yosmelvin.wordpress.com/2017/09/21/f660-modem-hack/
https://jalalsela.com/zxhn-h108n-router-web-shell-secrets/
http://www.kb.cert.org/vuls/id/600724
https://nvd.nist.gov/vuln/detail/CVE-2014-2321
http://www.myxzy.com/post-411.html

.. / CVE-2014-2321 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for ZTE Cable Modem Web Shell (CVE-2014-2321)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2014-2321