ZBL EPON ONU Broadband Router Privilege Escalation Vulnerability
Vulnerability
A privilege escalation vulnerability has been identified in the ZBL EPON ONU Broadband Router V100R001. It allows limited administrative users to elevate their access by sending requests to specific configuration endpoints. Exploitation involves accessing the configuration backup or the password page to retrieve the super user password, which grants additional privileged functionality.
Impact
Exploitation of this vulnerability allows limited administrative users to gain elevated privileges and access functionality reserved for super users.
Reproduction
The vulnerability can be reproduced by sending an HTTP GET request to the router's configuration backup endpoint or the system password page. This can be done with a web browser or any tool that can send HTTP requests. Once the request is sent, the super user password can be extracted from the response.
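The access-control gap described above, next to a corrected form, as an added example that is not the router's firmware or code from this advisory. The endpoint names are placeholders (the advisory does not give the real paths), and the roles, accounts and handler functions are hypothetical.

```python
# Added illustration of the flaw class and its fix; not the device's code.
# Roles, accounts and endpoint names are hypothetical stand-ins.
import hashlib
import os

# Constructed account store: one limited administrator, one super user.
ACCOUNTS = {
    "admin": {"role": "limited", "password": "constructed-admin-pw"},
    "super": {"role": "super", "password": "constructed-super-pw"},
}

# Placeholder endpoint names; the real paths are not stated on the page.
BACKUP = "<config-backup-endpoint>"
PASSWORD_PAGE = "<system-password-page>"
SENSITIVE = {BACKUP, PASSWORD_PAGE}


def render(store):
    """Serialize the account store as a backup or password page might."""
    return "\n".join(f"{u}:{a['password']}" for u, a in sorted(store.items()))


def handle_vulnerable(session_user, endpoint):
    """Flaw as described: any authenticated admin session is served."""
    if session_user not in ACCOUNTS:
        return 401, ""
    return 200, render(ACCOUNTS)  # response carries the super user password


def hardened_store():
    """Keep only salted PBKDF2 hashes so no response can reveal a password."""
    out = {}
    for user, acct in ACCOUNTS.items():
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", acct["password"].encode(), salt, 100_000)
        out[user] = {"role": acct["role"], "password": f"pbkdf2${salt.hex()}${digest.hex()}"}
    return out


def handle_hardened(session_user, endpoint):
    """Check the caller's role per endpoint and never emit plaintext secrets."""
    acct = ACCOUNTS.get(session_user)
    if acct is None:
        return 401, ""
    if endpoint in SENSITIVE and acct["role"] != "super":
        return 403, ""
    return 200, render(hardened_store())
```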
