CVE-2015-8703 – ZTE ZXHN H108N R1A / ZXV10 W300 Routers - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-8703
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248. Dispositivos ZTE ZXHN H108N R1A en versiones anteriores a ZTE.bhs.ZXHNH108NR1A.k_PE y dispositivos ZXV10 W300 en versiones anteriores aW300V1.0.0f_ER1_PE permiten a usuarios remotos autenticados eludir las restricciones destinadas al acceso, y descubrir credenciales y claves, leyendo el archivo de configuración, una vulnerabilidad diferente a CVE-2015-7248. • https://www.exploit-db.com/exploits/38773 http://www.securityfocus.com/bid/77421 https://www.kb.cert.org/vuls/id/391604 https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-4155 – ZTE WXV10 W300 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-4155
Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1. Vulnerabilidad de CSRF en el router ZTE ZXV10 W300 con firmware W300V1.0.0a_ZRD_LK permite a atacantes remotos secuestrar la autenticación de administradores para solicitudes que cambian la contraseña de administración a través de una solicitud hacia Forms/tools_admin_1. ZTE WXV10 W300 suffers from suffers from backup disclosure, cross site request forgery, denial of service, and file disclosure vulnerabilities. • https://www.exploit-db.com/exploits/33803 http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html http://www.exploit-db.com/exploits/33803 https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2014-4018 – ZTE WXV10 W300 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-4018
The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors. El router ZTE ZXV10 W300 con firmware W300V1.0.0a_ZRD_LK tiene una contraseña de administración por defecto para la cuenta de administración, lo que facilita a atacantes remotos obtener acceso a través de vectores no especificados. ZTE WXV10 W300 suffers from suffers from backup disclosure, cross site request forgery, denial of service, and file disclosure vulnerabilities. • https://www.exploit-db.com/exploits/33803 http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html http://www.exploit-db.com/exploits/33803 https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities • CWE-255: Credentials Management Errors •
CVE-2014-4154 – ZTE WXV10 W300 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-4154
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js. El router ZTE ZXV10 W300 con firmware W300V1.0.0a_ZRD_LK almacena información sensible en el root del web con un control de acceso insuficiente, lo que permite a atacantes remotos obtener la contraseña PPPoE/PPPoA a través de una solicitud directa para basic/tc2wanfun.js. ZTE WXV10 W300 suffers from suffers from backup disclosure, cross site request forgery, denial of service, and file disclosure vulnerabilities. • https://www.exploit-db.com/exploits/33803 http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html http://www.exploit-db.com/exploits/33803 https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities • CWE-264: Permissions, Privileges, and Access Controls •