Several thousand of these devices are exposed to the Internet, according to a cursory search of the SHODAN Computer Search Engine:
which discusses how to remove web_shell_cmd.gch since it allows "any computer on the LAN can use this file to get the superuser password." The existence of this backdoor is apparently already known in some circles. Many ZTE F460/F660 cable modems, preferred by ChinaTelecom and other China-based ISPs, ship with an unauthenticated backdoor.
If you know a good security contact at ZTE, please let us know at so that we may get confirmation from the vendor the next time we have something security-related to discuss with their products. As always, our goal with this disclosure is to strengthen the security of the Internet as a whole. One usual aspect of this vulnerability is that it does not appear to be unique in its discovery, given the URLs cited below. We have had no response from the vendor to our queries for a suitable security contact and PGP key. Per Rapid7's disclosure policy at, we are disclosing a discovered vulnerability regarding SOHO routers from hardware manufacturer ZTE.
0 kommentar(er)
