Enter the default user name admin and password admin, and then click the OK button to enter the main page for configuration, as shown in Figure 6.
It also uses RomPager and is vulnerable to the authentication bypass mentioned in previous blogs. Request the /rom-0 binary and reverse it using this tool. The first string is the admin password. Tested on firmware version W300V1.0.0a_ZRD_CO3.
The ZXDSL 831CII from ZTE does not look like a TP-Link router. It’s either their own code or a different vendors. It suffers from the RomPager /rom-0 bypass though.
Software Version = ZXDSL 831CIIV2.2.1a_Z43_MD
ADSL Firmware Version = FwVer:126.96.36.199_TC3086 HwVer:T14.F7_7.0