CVE-2014-4155 – ZTE WXV10 W300 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-4155
Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1.
ZTE WXV10 W300 suffers from backup disclosure, cross site request forgery, denial of service, and file disclosure vulnerabilities.
• https://www.exploit-db.com/exploits/33803
• http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html
• http://www.exploit-db.com/exploits/33803
• https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2014-4018 – ZTE WXV10 W300 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-4018
The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.
ZTE WXV10 W300 suffers from backup disclosure, cross site request forgery, denial of service, and file disclosure vulnerabilities.
• https://www.exploit-db.com/exploits/33803
• http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html
• http://www.exploit-db.com/exploits/33803
• https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities
• CWE-255: Credentials Management Errors
CVE-2014-4154 – ZTE WXV10 W300 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-4154
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.
ZTE WXV10 W300 suffers from backup disclosure, cross site request forgery, denial of service, and file disclosure vulnerabilities.
• https://www.exploit-db.com/exploits/33803
• http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html
• http://www.exploit-db.com/exploits/33803
• https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-4019 – ZTE WXV10 W300 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-4019
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0.
ZTE WXV10 W300 suffers from backup disclosure, cross site request forgery, denial of service, and file disclosure vulnerabilities.
• https://www.exploit-db.com/exploits/33803
• http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html
• http://www.exploit-db.com/exploits/33803
• http://www.osvdb.org/102668
• https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-0329 – ZTE ZXV10 W300 Router - Hard-Coded Credentials
https://notcve.org/view.php?id=CVE-2014-0329
The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.
• https://www.exploit-db.com/exploits/31527
• http://blog.alguien.at/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html
• http://osvdb.org/102816
• http://packetstormsecurity.com/files/125142/ZTE-ZXV10-W300-Hardcoded-Credentials.html
• http://www.kb.cert.org/vuls/id/228886
• http://www.securityfocus.com/bid/65310
• https://exchange.xforce.ibmcloud.com/vulnerabilities/90958
• CWE-255: Credentials Management Errors