CVE-2017-10931
CVE-2017-10931
In short
A web interface vulnerability in ZXR10 1800-2S devices allows unauthorized users to download any files from the system, potentially exposing sensitive information like system configurations.
Technical detail
Improper access control in the web interface fails to properly restrict file download operations for WEB users, allowing arbitrary file retrieval before v3.00.40. This enables information disclosure of system configurations and other sensitive data without elevated privileges.
Summary generated and translated by AI from the official description.
The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration.
Affected products
ZTE · ZX10 1800-2SWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →