CVE-2014-0329
ZTE ZXV10 W300 Router - Hard-Coded Credentials
Severity Score: 9.3 (CVSS v2)
Public Exploits: 1 (multiple sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.
Credits: N/A
Timeline
- 2013-12-05 CVE Reserved
- 2014-02-04 CVE Published
- 2014-02-09 First Exploit
- 2024-08-06 CVE Updated
- 2024-08-22 EPSS Updated
CWE
- CWE-255: Credentials Management Errors
References (7)
URL | Tag |
---|---|
http://blog.alguien.at/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html | X_refsource_misc |
http://osvdb.org/102816 | Vdb Entry |
http://packetstormsecurity.com/files/125142/ZTE-ZXV10-W300-Hardcoded-Credentials.html | X_refsource_misc |
http://www.kb.cert.org/vuls/id/228886 | Third Party Advisory |
http://www.securityfocus.com/bid/65310 | Vdb Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/90958 | Vdb Entry |

URL | Date |
---|---|
https://www.exploit-db.com/exploits/31527 | 2014-02-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Zte | Zxv10 W300 | 2.1.0 | - | Affected |