diff --git a/files.csv b/files.csv
index 3a07a3bce..a4d4c5ff3 100755
--- a/files.csv
+++ b/files.csv
@@ -31698,3 +31698,4 @@ id,file,description,date,author,platform,type,port
 35189,platforms/windows/local/35189.c,"SafeGuard PrivateDisk 2.0/2.3 'privatediskm.sys' Multiple Local Security Bypass Vulnerabilities",2008-03-05,mu-b,windows,local,0
 35190,platforms/windows/remote/35190.html,"Newv SmartClient 1.1.0 'NewvCommon.ocx' ActiveX Control Multiple Vulnerabilities",2011-01-10,wsn1983,windows,remote,0
 35191,platforms/php/webapps/35191.txt,"CMS Tovar 'tovar.php' SQL Injection Vulnerability",2011-01-11,jos_ali_joe,php,webapps,0
+35203,platforms/hardware/webapps/35203.txt,"ZTE ZXDSL 831CII - Insecure Direct Object Reference",2014-11-10,"Paulos Yibelo",hardware,webapps,0
diff --git a/platforms/hardware/webapps/35203.txt b/platforms/hardware/webapps/35203.txt
new file mode 100755
index 000000000..320016475
--- /dev/null
+++ b/platforms/hardware/webapps/35203.txt
@@ -0,0 +1,31 @@
+# Exploit Title: ZTE ZXDSL 831 Insecure Direct Object Reference
+# Date: 11/3/2014
+# Exploit Author: Paulos Yibelo
+# Vendor Homepage: zte.com.cn
+# Software Link: -
+# Version: -
+# Tested on: Windows 7
+# CVE :-
+
+ZTE ZXDSL 831CII suffers from an insecure direct object reference
+vulnerability that allows for authentication bypass.
+
+The modem usually serves html files & protects them with HTTP Basic
+authentication. however, the cgi files, does not get this protection.
+so simply requesting any cgi file (without no authentication) would
+give a remote attacker full access to the modem and then can easily be
+used to root the modem and disrupt network activities.
+
+So requesting modem.ip.address would result HTTP Authentication
+request, but simply requesting http://192.168.1.1/main.cgi will bypass
+it.
+
+PoC: http://192.168.1.1/adminpasswd.cgi (will result admin password
+change page) - viewing the source will show the current password
+(unencrypted)
+http://192.168.1.1/userpasswd.cgi
+http://192.168.1.1/upload.cgi
+http://192.168.1.1/conprocess.cgi
+http://192.168.1.1/connect.cgi
+.
+.
diff --git a/platforms/windows/remote/33071.txt b/platforms/windows/remote/33071.txt
index cba8fd3c4..cc4e22d2c 100755
--- a/platforms/windows/remote/33071.txt
+++ b/platforms/windows/remote/33071.txt
@@ -5,9 +5,11 @@
 # Version: 4.6.0 -> 4.6.5
 # Tested on: Windows 2003/2008
 # CVE : CVE-2013-0140 , CVE-2013-0141
-# More info on: http://funoverip.net/?p=1685
+# More info on: http://funoverip.net/?p=1685 & https://github.com/funoverip/epowner
 
-PoC: http://www.exploit-db.com/sploits/ePowner.0.1.tar.gz
+PoC:
+v0.1 - http://www.exploit-db.com/sploits/ePowner.0.1.tar.gz
+v0.2.1- http://www.exploit-db.com/sploits/epowner-0.2.1.zip
 
 =====================================================================================================
 INTRODUCTION
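Review bot: The affected-product metadata in the new advisory header disagrees with the files.csv entry added in the same commit: the header gives `# Date: 11/3/2014` and `# Exploit Title: ZTE ZXDSL 831 Insecure Direct Object Reference`, while files.csv records the date as 2014-11-10 and the model as ZTE ZXDSL 831CII, and `# Version: -` leaves the firmware revision unstated even though the body names the 831CII. Defenders matching this entry against an asset inventory depend on exactly these fields, so the header should carry the same model string as the CSV, e.g. `# Exploit Title: ZTE ZXDSL 831CII - Insecure Direct Object Reference`, and the two dates should be reconciled. If the tested firmware revision is known it belongs in the `# Version:` field; `# Tested on: Windows 7` describes the client machine rather than the device. The same header/index consistency check applies to the files.csv hunk above.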