Question Is this a backdoor account in zte router ?

mina_7

Commendable
Jun 10, 2017
4
0
1,510
0
i found these when i opened the router config file using router pass view tool from nirsoft.

I can login using the username admin and the blurred password(my password).


But i can't login using these




although the enable value = 1
the only difference i see is the app ID
What would that be ? Why are they there ?
 

nigelivey

Distinguished
Tin foil hat required!! Not understanding why it is there doesnt make it nefarious. Have you researched this on the internet and found any hint of this? If you found this using readily available software I'd suggest the answer is no........people make a living out of finding this stuff!!
 

mina_7

Commendable
Jun 10, 2017
4
0
1,510
0
How many user accounts can be set up from within the GUI if you are an administrator?
only the admin account

but when i edit a bit in the html of the page
changing this value to one .. changes the username from admin to user making the number anyhigher doesn't do anything



i can change the username but can't get it to be enabled

the fetch request of that change
Code:
fetch("http://192.168.1.1/getpage.gch?pid=1002&nextpage=manager_aduser_conf_t.gch", {"credentials":"include","headers":{"accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","accept-language":"en-US,en;q=0.9,ar;q=0.8,ru;q=0.7","cache-control":"max-age=0","content-type":"application/x-www-form-urlencoded","upgrade-insecure-requests":"1"},"referrer":"http://192.168.1.1/getpage.gch?pid=1002&nextpage=manager_aduser_conf_t.gch","referrerPolicy":"no-referrer-when-downgrade","body":"IF_ACTION=apply&IF_ERRORSTR=SUCC&IF_ERRORPARAM=SUCC&IF_ERRORTYPE=-1&IF_INDEX=1&Type=NULL&Enable=NULL&Username=user&Password=testtest&Right=NULL&Type0=1&Enable0=1&Username0=admin&Password0=******&Right0=1&Type1=1&Enable1=0&Username1=user&Password1=******&Right1=2&OldPassword=user&_SESSION_TOKEN=9812267521418555","method":"POST","mode":"cors"});
the page html code
https://pastebin.com/cULjHziC
 

ASK THE COMMUNITY

TRENDING THREADS