← Advisories

ZBL EPON ONU Broadband Router 1.0 Remote Privilege Escalation Exploit

High
Advisory ID
ZSL-2021-5647
Release Date
01 April 2021
Vendor
Zhejiang BC&TV Technology Co., Ltd. (ZBL) - http://www.zblchina.com, W&D Corporation (WAD TECHNOLOGY (THAILAND)) - http://www.wd-thailand.com
Affected Version
Firmwre: V100R001, Software model: HG104B-ZG-E / EONU-7114 / ZBL5932C CATV+PON Triple CPE, EONU Hardware Version V3.0, Software: V2.46.02P6T5S, Main Chip: RTL9607, Master Controller, Copyright (c) R&D
CVE
CVE-2021-47741
Tested On
GoAhead-Webs/2.5.0 PeerSec-MatrixSSL/3.1.3-OPEN
Summary

EONU-x GEPON ONU layer-3 home gateway/CPE broadband router.

Description

The application suffers from a privilege escalation vulnerability. The limited administrative user (admin:admin) can elevate his/her privileges by sending a HTTP GET request to the configuration backup endpoint or the password page and disclose the http super user password. Once authenticated as super, an attacker will be granted access to additional and privileged functionalities.

Proof of Concept
zbl_router_privs.txtTXT
Disclosure Timeline
31.01.2021Vulnerability discovered.
01.02.2021Contact with the vendor.
01.04.2021No response from the vendor.
01.04.2021Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]https://packetstormsecurity.com/files/162065/
[2]https://www.exploit-db.com/exploits/49737
[3]https://cxsecurity.com/issue/WLB-2021040010
[4]https://exchange.xforce.ibmcloud.com/vulnerabilities/199302
[5]https://www.cve.org/CVERecord?id=CVE-2021-47741
Changelog
01.04.2021Initial release
02.04.2021Added reference [1], [2] and [3]
06.04.2021Added reference [4]
23.03.2026Added reference [5]