- Cisco Talos discovered multiple vulnerabilities in the ZTE MF971R LTE portable router.
- The router's seven discovered flaws leave it open to remote execution of arbitrary code.
- Cisco Talos and ZTE have collaborated on an update that fixes these vulnerabilities, so owners can upgrade to remove them.

Cisco Talos has recently released information on its vulnerability testing of the ZTE MF971R LTE portable router. The device functions like most other LTE/GSM modems, which makes it susceptible to exploitation in several ways. One of those ways is a specially crafted HTTP request sent to the targeted device.
For this device, Talos has discovered the following:
Vulnerabilities 1320 and 1321 are stack-based buffer overflows. An attacker could exploit these flaws to execute arbitrary code remotely. To do so, they would first need the Referer bypass outlined in 1317, in which an attacker provides a URL to the victim to trigger a Referer-based mitigation bypass.
Vulnerability 1316 also allows a configuration file entry to be overwritten. Finally, vulnerability 1313 allows CRLF injection on the router without logging in.
Cisco Talos has already communicated the vulnerability details to ZTE to help it resolve the issues and produce an update for active users. ZTE customers using the MF971R LTE portable router are advised to upgrade to ZTE Corp. MF971R router versions "wa_inner_version:BD_LVWRGBMF971RV1.0.0B01", "wa_inner_version:BD_PLKPLMF971R1V1.0.0B06", "zte_topsw_goahead - MD5 B2176B393A97B5BA13791FC591D2BE3F" and "zte_topsw_goahead - MD5 bf5ada32c9e8c815bfd51bfb5b8391cb". According to Talos, these versions are not affected by the recently discovered vulnerabilities.