CVE-2014-4154 – ZTE WXV10 W300 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-4154
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.
ZTE WXV10 W300 suffers from backup disclosure, cross-site request forgery, denial of service, and file disclosure vulnerabilities.
• https://www.exploit-db.com/exploits/33803
• http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html
• http://www.exploit-db.com/exploits/33803
• https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-4019 – ZTE WXV10 W300 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-4019
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0.
ZTE WXV10 W300 suffers from backup disclosure, cross-site request forgery, denial of service, and file disclosure vulnerabilities.
• https://www.exploit-db.com/exploits/33803
• http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html
• http://www.exploit-db.com/exploits/33803
• http://www.osvdb.org/102668
• https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-2321
https://notcve.org/view.php?id=CVE-2014-2321
web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials.
• http://www.kb.cert.org/vuls/id/600724
• http://www.myxzy.com/post-411.html
• https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-0329 – ZTE ZXV10 W300 Router - Hard-Coded Credentials
https://notcve.org/view.php?id=CVE-2014-0329
The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.
• https://www.exploit-db.com/exploits/31527
• http://blog.alguien.at/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html
• http://osvdb.org/102816
• http://packetstormsecurity.com/files/125142/ZTE-ZXV10-W300-Hardcoded-Credentials.html
• http://www.kb.cert.org/vuls/id/228886
• http://www.securityfocus.com/bid/65310
• https://exchange.xforce.ibmcloud.com/vulnerabilities/90958
• CWE-255: Credentials Management Errors
CVE-2012-4746 – ZTE - Change Admin Password
https://notcve.org/view.php?id=CVE-2012-4746
Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter.
• https://www.exploit-db.com/exploits/18722
• https://www.exploit-db.com/exploits/18061
• http://www.exploit-db.com/exploits/18722
• CWE-352: Cross-Site Request Forgery (CSRF)