ZBL EPON ONU Broadband Router 1.0 Remote Privilege Escalation
Posted by deepcore on April 2, 2021 – 7:41 pm
ZBL EPON ONU Broadband Router version 1.0 suffers from a privilege escalation vulnerability. The limited administrative user (admin:admin) can elevate his/her privileges by sending a HTTP GET request to the configuration backup endpoint or the password page and disclose the http super user password. Once authenticated as super, an attacker will be granted access to additional and privileged functionalities.
Post a reply
You must be logged in to post a comment.