[OWASP-Bangalore] BSNL Modems Exploit

Niranjan Patil niranjan.patil at gmail.com
Sat Aug 29 00:52:25 EDT 2009

Dear Prakash,

This is a good discovery. I recommend you to report this to the CPE vendor,
ZTE and the service provider, BSNL. Of course, they don't have vulnerability
reporting channel with them, at least we can report it through tech support
or to senior officials in BSNL. You can also report it to CERT India, which
is now being strengthened with more power and responsibility. You need to
provide sufficient proof of exploitation for them to act.

To over come such vulnerabilities or other weak implementations (in earlier
Huawei and other modems), you can configure your computer to directly
dial-in using PPPoE (if you have a single computer) or use another router
like Linksys, Netgear or Dlink (which seem to have better and secure
implementation) and configure PPPoE dial in through the modem. This
effectively turns the BSNL router/modem into a dumb device, working just as
a modem. This method does not fix the actual vulnerabilities but reduces the
attack surface.

Unfortunately, I don't have a ZTE modem to test this vulnerability.

Below are some contact you can use:
ZTE: http://wwwen.zte.com.cn/en/contact_us/

CERT: http://cert-in.org.in/vul-reporting.htm

BSNL: http://www.bsnl.co.in/directory_officer.htm

Niranjan Patil, CISSP, CCNA
Information Security Consultant

On Fri, Aug 28, 2009 at 8:25 PM, PraKash <prakash2757 at gmail.com> wrote:

> Just got hand of it, thought of sharing with you all.
> As per my knowledge, BSNL India gives 80 % of users ZTE modems.
> Specifically - ZXDSL 831 II.
> here are few exploits out on wild.. watch out.
> Change Admin Password & get full access to the modem
> URL Below gives access to configuration of the modem and you can get PPPOE
> user & password with any Asterisk Password Revealers
> Is anyone aware at BSNL or informed them ? If they dont push a firmware
> update (Hope they do) there are lakhs of Indian users at risk.
> If you are BSNL User with this modem, watch out.
> - Prakash
> _______________________________________________
> OWASP-Bangalore mailing list
> OWASP-Bangalore at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-bangalore
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-bangalore/attachments/20090829/c8a56d1e/attachment.html 

More information about the OWASP-Bangalore mailing list