Zxhn H108n V2.3 Firmware Version 10.0

Zxhn h108n v2.3 firmware version 10.0 download

Router Screenshots for the ZTE ZXHN H108L. Firmware Upgrade for the ZTE ZXHN H108LRouter Sceenshot Back to the ZTE ZXHN H108L. One the config.bin files shared in a link in the comments under this question also has similar header structure to H201LV2.0Curconfig.bin but seems to be from an older firmware version. It appears that others are having difficulty with the same issue. Data Entropy and Entropy Analysis.

ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations.
Publish Date : 2018-11-14 Last Update Date : 2019-10-09

Scroll To

Comments

External Links

- CVSS Scores & Vulnerability Types

CVSS Score
Confidentiality Impact	Partial(There is considerable informational disclosure.)
Integrity Impact	Partial(Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact	Partial(There is reduced performance or interruptions in resource availability.)
Access Complexity	Low(Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication	Not required(Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)
CWE ID	287

- Products Affected By CVE-2018-7358

#	Product Type	Vendor	Product	Version	Update	Edition	Language
No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.

- References For CVE-2018-7358

http://www.securityfocus.com/bid/105963
BID 105963 ZTE ZXHN H168N CVE-2018-7358 Authorization Bypass Vulnerability Release Date:2018-11-15

https://www.exploit-db.com/exploits/45972/
EXPLOIT-DB 45972

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523 CONFIRM

- Metasploit Modules Related To CVE-2018-7358

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)

This is the fourth article in a series of articles documenting the reverse engineering of the TrendChip firmware image and the disassembly of its CRC checksum algorithm.

A small update for the newer firmware (1.17 as distributed by OTE).

tcrevenge was not working with the latest firmware because the version number of the firmware (called surprisingly model number in tcrevenge) was hard coded. Initial tests have been done with firmware 1.07 (model number: 3 6035 122 74) while the 1.17 firmware has model number: 3 6035 122 89.

Newest firmware do not allow older firmware to be uploaded so this was a major problem. Thanks to the efforts of user stav it was possible to identify the problem and add a command line option in tcrevenge to manually set the model number. Now when running tcrevenge in check mode it reads:

While I was at it I also added a command line argument for the field called firmware_version. Despite the classy name, looks like it is used only for printing and the firmware does not actually run any checks against it.

Zxhn H108n V2.3 Firmware Version 10.0 Windows 10

With these changes in place there are two variables left in the header section that we don’t know how they are used.

magic_number with value 0x32524448
magic_device with value 0x100 // this is probably the header size

if the need arises I will add a way to set them from the command line too – but it looks that some disassembly is required first.

Zxhn H108n V2.3 Firmware Version 10.0 Windows 10

The modifications are committed and pushed in the repository so you are ready to roll.

Looks like that version 1.17 as distributed by OTE has disabled the telnet functionality. Again read the comments of user stav how to solve this and how to get rid of the TR69 and CWMP functionality.