module
Zyxel/Eir D1000 DSL Modem NewNTPServer Command Injection Over TR-064
| Disclosed | Created |
|---|---|
| 2016-11-07 | 2018-05-30 |
Disclosed
2016-11-07
Created
2018-05-30
Description
Broadband DSL modems manufactured by Zyxel and distributed by some
European ISPs are vulnerable to a command injection vulnerability when setting
the 'NewNTPServer' value using the TR-64 SOAP-based configuration protocol. In
the tested case, no authentication is required to set this value on affected
DSL modems.
This exploit was originally tested on firmware versions up to 2.00(AADU.5)_20150909.
European ISPs are vulnerable to a command injection vulnerability when setting
the 'NewNTPServer' value using the TR-64 SOAP-based configuration protocol. In
the tested case, no authentication is required to set this value on affected
DSL modems.
This exploit was originally tested on firmware versions up to 2.00(AADU.5)_20150909.
Authors
Kenzo
Michael Messner devnull@s3cur1ty.de
todb todb@metasploit.com
wvu wvu@metasploit.com
0x27
Michael Messner devnull@s3cur1ty.de
todb todb@metasploit.com
wvu wvu@metasploit.com
0x27
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.