CERTVU:228886ZTE ZXV10 W300 router contains hardcoded credentials
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.257 Low
EPSS
Percentile
96.6%
Overview
ZTE ZXV10 W300 router version 2.1.0, and possibly earlier versions, contains hardcoded credentials. (CWE-798)
Description
ZTE ZXV10 W300 router contains hardcoded credentials that are useable for the telnet service on the device. The username is โadminโ and the password is โXXXXairoconโ where โXXXXโ is the last four characters of the deviceโs MAC address. The MAC address is obtainable over SNMP with community string public.
The vendor has provided a statement about this vulnerability.
Impact
A remote unauthenticated attacker may be able to obtain the MAC address of the device and log into the telnet service of the device with hardcoded credentials.
Solution
We are currently unaware of a practical solution to this problem. Please consider the following workaround.
Restrict Access
Enable firewall rules so the telnet service of the device is not accessible to untrusted sources. Enable firewall rules that block SNMP on the device.
Vendor Information
228886
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
ZTE Corporation __ Affected
Notified: December 03, 2013 Updated: March 14, 2014
Status
Affected
Vendor Statement
'According to the vulnerability found in ZTE ZXV10 W300 router version 2.1.0, a mitigation measure has been adopted in the W300 general frame structure versions after 2011, which means the ZTE ZXV10 W300 router produced since 2011 has closed the telnet default function to avoid the information security
incident caused by such vulnerability. If any customer has a special requirement, please follow the instructions in our product manual to open the telnet function, but ZTE will not bear the legal liability for any security incident loss that might be the consequence of this operation. If you have any questions please contact us by calling our 24h service hotline +86-755-26770188.โ
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| Temporal | 7.2 | E:POC/RL:W/RC:UC |
| Environmental | 5.4 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
References
- <http://cwe.mitre.org/data/definitions/798.html>
- <http://wwwen.zte.com.cn/en/products/access/cpe/201302/t20130204_386351.html>
Acknowledgements
Thanks to Cesar Neira for reporting this vulnerability.
This document was written by Jared Allar.
Other Information
| CVE IDs: | CVE-2014-0329 |
|---|---|
| Date Public: | 2014-02-03 Date First Published: |
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.257 Low
EPSS
Percentile
96.6%