
CVSS: 6.5 | EPSS: 0% | CPEs: 4 | EXPL: 1

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices before W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248.
References:
https://www.exploit-db.com/exploits/38773
http://www.securityfocus.com/bid/77421
https://www.kb.cert.org/vuls/id/391604
https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 1

Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
ZTE ZXHN H108N R1A and ZXV10 W300 routers suffer from path traversal, information disclosure, improper authorization, and hard-coded credential vulnerabilities.
References:
https://www.exploit-db.com/exploits/38773
http://www.securityfocus.com/bid/77421
https://www.kb.cert.org/vuls/id/391604
https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.1 | EPSS: 0% | CPEs: 2 | EXPL: 1

Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter.
ZTE ZXHN H108N R1A and ZXV10 W300 routers suffer from path traversal, information disclosure, improper authorization, and hard-coded credential vulnerabilities.
References:
https://www.exploit-db.com/exploits/38773
http://www.securityfocus.com/bid/77421
https://www.kb.cert.org/vuls/id/391604
https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 | EPSS: 0% | CPEs: 2 | EXPL: 1

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
ZTE ZXHN H108N R1A and ZXV10 W300 routers suffer from path traversal, information disclosure, improper authorization, and hard-coded credential vulnerabilities.
References:
https://www.exploit-db.com/exploits/38773
http://www.securityfocus.com/bid/77421
https://www.kb.cert.org/vuls/id/391604
https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA
CWE-255: Credentials Management Errors

CVSS: 6.8 | EPSS: 0% | CPEs: 2 | EXPL: 1

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd action.
ZTE ZXHN H108N R1A and ZXV10 W300 routers suffer from path traversal, information disclosure, improper authorization, and hard-coded credential vulnerabilities.
References:
https://www.exploit-db.com/exploits/38773
http://www.securityfocus.com/bid/77421
https://www.kb.cert.org/vuls/id/391604
https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA
CWE-264: Permissions, Privileges, and Access Controls