Intrusion Prevention

ZTE.ZXHN.H168N.Authentication.Bypass

Description

This indicates an attack attempt to exploit an Authentication Bypass Vulnerability in ZTE ZXHN H168N product.
The vulnerability is due to an error in the vulnerable application when handling a maliciously crafted HTTP request. A remote attacker may be able to exploit this to bypass authentication on vulnerable systems.

Affected Products

ZTE ZXHN H168N product version V2.2.0_PK1.2T5
ZTE ZXHN H168N product version V2.2.0_PK1.2T2
ZTE ZXHN H168N product version V2.2.0_PK11T7
ZTE ZXHN H168N product version V2.2.0_PK11T

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523

CVE References

CVE-2018-7357 CVE-2018-7358

Other References

1009523 45972