Page 1 of 1

ZTE H268A security issue

Posted: Fri Jun 08, 2018 1:06 am
by Franpa
https://www.arnnet.com.au/article/64154 ... p=2&fpid=1
https://www.arnnet.com.au/article/64208 ... -campaign/ ( security threat includs ZTE devices)

Does ZTE currently offer a firmware update to remedy this issue? Does ZTE know if the H268A Modem/Router that was previously offered by Exetel is affected by the issue? Is there a configuration change I can make to thwart the threat? I've already rebooted my device.

What would Exetel do if the security issue resulted in my modem being bricked because of this issue (hypothetical question)?

Re: ZTE H268A security issue

Posted: Fri Jun 08, 2018 7:56 am
by Dazzled
It affects Busybox according to my reading. This is the stripped-down Linux interface you will find if you enter by telnet. Later infestations in the device attack controllers. The suggested fix for the system is a factory reset (which replaces the working system including Busybox) and password changes.

It provides an example of why manufacturers should provide a CLI manual for these devices. Some do, others leave it to the inquisitive to find out for themselves.