Some devices of a certain type of infrastructure used by China Unicom in a certain province can be controlled (directly leading to network disconnection [reset/reboot])

Some devices of a certain type of infrastructure used by China Unicom in a certain province can be controlled (directly leading to network disconnection [reset/reboot])

Network disconnection in minutes
It also makes it difficult for people to take a good look at the film!

This problem is the same as that of Huawei devices.

I'm curious. The two companies are supposed to be competitive.

Why is the system used by the device almost identical?

Except for weak passwords, commands are the same.

Alas, you have to pay attention to security.

Attached to the above mentioned Huawei device problems:

Http: // **. **/bugs/wooyun-2015-0144850



Perform port 23 scan on the network segment of **. It is found that the ZTE 9806H Device of ZTE is conspicuous.

So I googled what a sub-device is.

The official introduction of ZTE is here

http://**.**.**.**/cn/products/access/dslam/201405/t20140515_423907.html

Select two segments

ZXDSL 9806H is a small-capacity full-service access platform tailored for FTTx application scenarios. It is ideal for FTTB/C small-capacity application scenarios and can be used as FTTx MDU or small DSLAM applications.

 

Supports ADSL2 +, VDSL2, POTS, LAN, SHDSL, and other types of broadband access; supports GE/FE, EPON/GPON, 10G-EPON, and many other uplink connections; supports point-to-point (P2P) and point-to-point (P2MP) applications, supports star, chain, ring and other networking methods.

A lot of data is mosaic.

The appearance of the previous graph is long.

This is how it is split.

Well, to put it bluntly, the line is from this device when we pull fiber cables at home to pull broadband. This should be reboot, boom, and the film cannot be viewed.

Then reset it.

I just said that I scanned the **. ** network segment. What did I scan?

Yes, 22 ZTE 9806 H are scanned, and the test shows that 16 weak passwords can be used to log on.

Weak Password admin/admin

As for what you can do by logging in here, the command is the same as http: // **. **/bugs/wooyun-2015-0144850.

Last few

1. This is a direct telnet login, prompting to start by pressing enter

2. Enter the weak password admin/admin to go to normal mode. Enter? The command list is displayed.

3. Enter the enable and password admin to enter the God mode. Choose reboot/reset.

Finally, attach the tested IP address that can be logged on.

**.**.**.** **.**.**.** **.**.**.** **.**.**.** **.**.**.** **.**.**.** **.**.**.** **.**.**.** **.**.**.** **.**.**.** **.**.**.** **.**.**.** **.**.**.** **.**.**.** **.**.**.** **.**.**.**

Only the **. ** network segment is scanned here. All the IP addresses that can log on normally belong to Heilongjiang Unicom. For a wide range of scanning tests, the time and bandwidth are limited. The tests are not continued, but the risks are not excluded. We hope operators will pay attention to it.

Solution:

Enhanced security awareness of O & M personnel

Eliminate low-level weak passwords.