
CVSS: 6.5 • EPSS: 3% • CPEs: 4 • EXPL: 1

30 Dec 2015 — ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248. • https://www.exploit-db.com/exploits/38773 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.5 • EPSS: 17% • CPEs: 2 • EXPL: 2

20 Nov 2015 — ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703. ZTE ZXHN H108N R1A and ZXV10 W300 ... • https://packetstorm.news/files/id/134492 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.1 • EPSS: 4% • CPEs: 2 • EXPL: 2

20 Nov 2015 — Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter. ZTE ZXHN H108N R1A and ZXV10 W300 routers suffer fro... • https://packetstorm.news/files/id/134492 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 • EPSS: 35% • CPEs: 2 • EXPL: 2

20 Nov 2015 — Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter. ZTE ZXHN H108N R1A and ZXV10 W300... • https://packetstorm.news/files/id/134492 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.8 • EPSS: 9% • CPEs: 2 • EXPL: 2

20 Nov 2015 — ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd action. • https://packetstorm.news/files/id/134492 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 10.0 • EPSS: 23% • CPEs: 2 • EXPL: 2

20 Nov 2015 — ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session. ZTE ZXHN H108N R1A and ZXV10 W300 routers suffer from path traversal, in... • https://packetstorm.news/files/id/134492 • CWE-255: Credentials Management Errors