| CVE / Issue | Description | |-------------|-------------| | | Hardcoded backdoor credentials ( admin:admin , root:Zte521 ) in many models | | CVE-2021-21741 | Unauthenticated command injection in web interface ( ping_test.cgi ) | | CVE-2018-10355 | Weak password recovery (easily guessable token generation) | | CVE-2022-26477 | Telnet enabled by default with hardcoded root password | | TR-069 exploits | Remote ISP backdoor can be abused if authentication is bypassed | | Firmware encryption | Many models use weak XOR or fixed keys for firmware encryption, making reverse engineering easy |
رێنمایی ژماره (2)ی ساڵی 2022
رێنمایی دیارى كردنى شێواز و قهباره و رهنگ و ناوهڕۆكى تابلۆى ئۆتۆمبێل له ههرێمى كوردستان
| CVE / Issue | Description | |-------------|-------------| | | Hardcoded backdoor credentials ( admin:admin , root:Zte521 ) in many models | | CVE-2021-21741 | Unauthenticated command injection in web interface ( ping_test.cgi ) | | CVE-2018-10355 | Weak password recovery (easily guessable token generation) | | CVE-2022-26477 | Telnet enabled by default with hardcoded root password | | TR-069 exploits | Remote ISP backdoor can be abused if authentication is bypassed | | Firmware encryption | Many models use weak XOR or fixed keys for firmware encryption, making reverse engineering easy |