IQID:25152 ZTE ZXHN-H108NS Authentication Bypass S

IQID:25152 ZTE ZXHN-H108NS Authentication Bypass S

IQID: 25152 - November 2022

ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 suffers from an authentication bypass vulnerability when alternate HTTP methods are leveraged. When specific http methods are listed within a security constraint, then only those methods are protected. Router ZTE-H108NS defines the following http methods: GET, POST, and HEAD. HEAD method seems to fall under a flawed operation which allows the HEAD to be implemented correctly with every Response Status Code.

A Full Description is available for this threat, please sign in for access to Full Description.

Attack Data

Attack Data is available for this threat, please sign in for access to Attack Data.

CVSS Information

CVSS Information is available for this threat, please sign in for access to CVSS Information.

Date

Date Information is available for this threat, please sign in for access to Date Information.

Security Rule

A security rule is available to identify this threat, please sign in for access to security rules.

Permalink

Link directly to this page.

http://www.idappcom.com/db/?25152

© 2024 by IDappcom. Privacy policy. IDappcom Ltd, 6 Rural Enterprise Centre, Ludlow, Shropshire, SY8 1FF.