CVE-2017-10935
CVE-2017-10935
In short
A flaw in ZTE ZXR10 1800-2S routers lets authenticated users change other users' passwords without proper verification, bypassing security controls that should protect account access.
Technical detail
The vulnerability allows authenticated users to bypass password authentication mechanisms and modify other users' credentials. The attack requires prior authentication but exploits insufficient validation of password change operations, compromising account integrity across the system.
Summary generated and translated by AI from the official description.
All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products allow remote authenticated users to bypass the original password authentication protection to change other user's password.
Affected products
ZTE · ZXR10 1800-2SWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →