{"vuid":"VU#600724","idnumber":"600724","name":"ZTE F460/F660 cable modems contain an unauthenticated backdoor","keywords":["zte","f460","f660","cable modem","backdoor","unauthenticated","cpe"],"overview":"ZTE F460/F660 cable modems contain an unauthenticated backdoor.","clean_desc":"ZTE F460/F660 cable modems contain an unauthenticated backdoor. The web_shell_cmd.gch script accepts unauthenticated commands that have administrative access to the device. It has been reported that the web_shell_cmd.gch script is sometimes accessible from the WAN interface making exploitation of this backdoor from the Internet possible in certain cases. Additional details may be found in Rapid7's R7-2013-18 advisory. ZTE has provided a statement about this vulnerability.","impact":"An unauthenticated attacker can run commands with administrator level access on the device.","resolution":"We are currently unaware of a practical solution to this problem. Please consider the following workaround.","workarounds":"Remove Affected Script: Users can log into the device and manually delete the web_shell_cmd.gch script.","sysaffected":"","thanks":"Thanks to Rapid7 for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor","http://www.myxzy.com/post-411.html"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2014-01-08T13:17:43Z","publicdate":"2014-03-03T00:00:00Z","datefirstpublished":"2014-03-04T19:54:44Z","dateupdated":"2014-03-19T14:30:41Z","revision":17,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"A","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"W","cvss_reportconfidence":"UC","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"8.3","cvss_basevector":"AV:A/AC:L/Au:N/C:C/I:C/A:C","cvss_temporalscore":"7.1","cvss_environmentalscore":"5.3414916815232","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}