-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: ZTE GPON F427 and possibly F460/F600 - authorization bypass and
cleartext password storage
Author: Jerzy Patraszewski
Date: 10 July 2015
Affected software :
===
ZTE GPON: F427
Version:V3.0
--[Description]--
A vulnerability has been found in the downloader component for Joomla. It can
be exploited in various ways - from sensitive information disclosure to remote
code execution.
Input passed to controller is not properly sanitized, allowing attacker to
inject php code
via Local Fil