CVE-2015-7257 – ZTE ADSL ZXV10 W300 Modems - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-7257
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request and changing the username parameter from "support" to "admin".
ZTE ADSL ZXV10 W300 modems suffer from insufficient authorization controls, information disclosure, and a backdoor account feature.
• https://www.exploit-db.com/exploits/38772
• http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html
• http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html
• http://seclists.org/fulldisclosure/2015/Nov/48
• CWE-640: Weak Password Recovery Mechanism for Forgotten Password
CVE-2015-7258 – ZTE ADSL ZXV10 W300 Modems - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-7258
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.
ZTE ADSL ZXV10 W300 modems suffer from insufficient authorization controls, information disclosure, and a backdoor account feature.
• https://www.exploit-db.com/exploits/38772
• http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html
• http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html
• http://seclists.org/fulldisclosure/2015/Nov/48
• CWE-255: Credentials Management Errors
CVE-2015-7259 – ZTE ADSL ZXV10 W300 Modems - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-7259
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to log in to a target account via any of its username and password pairs.
ZTE ADSL ZXV10 W300 modems suffer from insufficient authorization controls, information disclosure, and a backdoor account feature.
• https://www.exploit-db.com/exploits/38772
• http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html
• http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html
• http://seclists.org/fulldisclosure/2015/Nov/48
• CWE-255: Credentials Management Errors
CVE-2014-8493 – ZTE ZXHN H108L - Authentication Bypass
https://notcve.org/view.php?id=CVE-2014-8493
ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.
• https://www.exploit-db.com/exploits/35272
• https://www.exploit-db.com/exploits/35276
• http://packetstormsecurity.com/files/129139/ZTE-ZXHN-H108L-Access-Bypass.html
• http://seclists.org/fulldisclosure/2014/Nov/46
• http://www.exploit-db.com/exploits/35272
• http://www.exploit-db.com/exploits/35276
• https://exchange.xforce.ibmcloud.com/vulnerabilities/98733
• https://projectzero.gr/en/2014/11/zte-zxhn-h108l-authentication-bypass
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-9183 – ZTE 831CII Hardcoded Credential / XSS / CSRF
https://notcve.org/view.php?id=CVE-2014-9183
ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges.
ZTE 831CII suffers from cross-site request forgery, hardcoded administrative credential, and cross-site scripting vulnerabilities.
• http://packetstormsecurity.com/files/129016/ZTE-831CII-Hardcoded-Credential-XSS-CSRF.html
• CWE-255: Credentials Management Errors