Security Bug with ZTE ZXDSL 531B Modem/Router


Recently, I was working with my ZTE ZXDSL 531B ADSL Modem/Router and after finishing configuration, I rebooted the modem. Unfortunately, I forgot to close the page and soon enough I was presented with repeated reboots. I started wondering as to why such thing would happen. So, I went to the source code saw that the script of was reloading the page every 2 minutes (it was clearly stated on the page but somehow I missed it :D).

So, I extracted the link and opened it in another browser.

This is what the link was:

Honestly speaking, I was expecting a Basic Authentication box asking me for my ID & Password. But, to my utter shock, the page got displayed. And within few seconds, my network was gone. My modem had rebooted without authenticating the user!!!

Think of this in a scenario of open network. Anyone connected to my network via LAN or WLAN can reboot my modem. I’ll be disconnected for almost 1 minute (That’s the time my modem takes to reboot) and repeated calls to the modem will just make hell of my life.

I also came across another bug on this modem. Here are the details.

So make sure that you have secured your WLAN properly to avoid being exploited.