CVE-2015-7258
ZTE ADSL ZXV10 W300 Modems - Multiple Vulnerabilities
- Severity Score: 8.8 (CVSS v3)
- Public Exploits: 1 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.
ZTE ADSL ZXV10 W300 modems suffer from insufficient authorization controls, information disclosure, and a backdoor account feature.
*Credits:
N/A
Timeline
- 2015-09-18 CVE Reserved
- 2015-11-14 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-255: Credentials Management Errors
References (4)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html | Third Party Advisory | |
http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html | Third Party Advisory | |
http://seclists.org/fulldisclosure/2015/Nov/48 | Mailing List | |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/38772 | 2024-08-06 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Zte | Zxv10 W300 Firmware | w300v2.1.0f_er7_pe_o57 | - | Affected |
in Zte | Zxv10 W300 | - | - | Safe |
Zte | Zxv10 W300 Firmware | w300v2.1.0h_er7_pe_o57 | - | Affected |
in Zte | Zxv10 W300 | - | - | Safe |