Lucene search

[email protected]CVE-2014-0329

HistoryFeb 04, 2014 - 5:39 a.m.

CVE-2014-0329

2014-02-0405:39:00

CWE-255

[email protected]

web.nvd.nist.gov

cve-2014-0329

zte

router

hardcoded password

telnet

remote access

security vulnerability

6.7 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.257 Low

EPSS

Percentile

96.6%

JSON

The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.

CPENameOperatorVersion
zte:zxv10_w300zte zxv10 w300eq2.1.0

CPE	Name	Operator	Version
zte:zxv10_w300	zte zxv10 w300	eq	2.1.0

References

blog.alguien.at/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html

osvdb.org/102816

packetstormsecurity.com/files/125142/ZTE-ZXV10-W300-Hardcoded-Credentials.html

www.kb.cert.org/vuls/id/228886

www.securityfocus.com/bid/65310

exchange.xforce.ibmcloud.com/vulnerabilities/90958

6.7 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.257 Low

EPSS

Percentile

96.6%

JSON

Related for CVE-2014-0329

packetstorm1 nessus1 zdt1 exploitpack1 seebug2 prion1 cert2 openvas1 exploitdb1