Page 2 of 9 results (0.011 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1

Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter. Vulnerabilidad de XSS en cgi-bin/webproc en dispositivos ZTE ZXHN H108N R1A en versiones anteriores a ZTE.bhs.ZXHNH108NR1A.k_PE permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro errorpage. ZTE ZXHN H108N R1A and ZXV10 W300 routers suffer from path traversal, information disclosure, improper authorization, and hard-coded credential vulnerabilities. • https://www.exploit-db.com/exploits/38773 http://www.securityfocus.com/bid/77421 https://www.kb.cert.org/vuls/id/391604 https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session. Dispositivos ZTE ZXHN H108N R1A en versiones anteriores a ZTE.bhs.ZXHNH108NR1A.k_PE tienen una contraseña embebida de root para la cuenta root, lo que permite a atacantes remotos obtener acceso administrativo a través de una sesión TELNET. ZTE ZXHN H108N R1A and ZXV10 W300 routers suffer from path traversal, information disclosure, improper authorization, and hard-coded credential vulnerabilities. • https://www.exploit-db.com/exploits/38773 http://www.securityfocus.com/bid/77421 https://www.kb.cert.org/vuls/id/391604 https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA • CWE-255: Credentials Management Errors •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd action. Dispositivos ZTE ZXHN H108N R1A en versiones anteriores a ZTE.bhs.ZXHNH108NR1A.k_PE permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso a través de una petición modificada, según lo demostrado aprovechando la cuenta de soporte para cambiar una contraseña a través de una acción accountpsd cgi-bin/webproc. ZTE ZXHN H108N R1A and ZXV10 W300 routers suffer from path traversal, information disclosure, improper authorization, and hard-coded credential vulnerabilities. • https://www.exploit-db.com/exploits/38773 http://www.securityfocus.com/bid/77421 https://www.kb.cert.org/vuls/id/391604 https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703. Dispositivos ZTE ZXHN H108N R1A en versiones anteriores a ZTE.bhs.ZXHNH108NR1A.k_PE permite a atacantes remotos descubrir nombres de usuario y hashes de contraseñas leyendo el código fuente HTML cgi-bin/webproc, una vulnerabilidad diferente a CVE-2015-8703. ZTE ZXHN H108N R1A and ZXV10 W300 routers suffer from path traversal, information disclosure, improper authorization, and hard-coded credential vulnerabilities. • https://www.exploit-db.com/exploits/38773 http://www.securityfocus.com/bid/77421 https://www.kb.cert.org/vuls/id/391604 https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •