Vulners
Lucene search
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | ZTE ZXHN H108N R1A, ZXV10 W300 Routers - Multiple Vulnerabilities | 20 Nov 201500:00 | – | zdt |
 | ZTE ZXHN H108N R1A Privilege Bypass Vulnerability | 15 Nov 201500:00 | – | cnvd |
 | CVE-2015-7249 | 30 Dec 201502:00 | – | cvelist |
 | ZTE ZXHN H108N R1A / ZXV10 W300 Routers - Multiple Vulnerabilities | 20 Nov 201500:00 | – | exploitdb |
 | EUVD-2015-7180 | 7 Oct 202500:30 | – | euvd |
 | ZTE ZXHN H108N R1A ZXV10 W300 Routers - Multiple Vulnerabilities | 20 Nov 201500:00 | – | exploitpack |
 | CVE-2015-7249 | 30 Dec 201505:59 | – | nvd |
 | Multiple ADSL Routers Directory Traversal Vulnerability (Mar 2015) - Active Check | 23 Mar 201500:00 | – | openvas |
 | ZTE ZXHN H108N R1A / ZXV10 W300 Traversal / Disclosure / Authorization | 20 Nov 201500:00 | – | packetstorm |
 | Design/Logic Flaw | 30 Dec 201505:59 | – | prion |
10
Node
| Source | Link |
|---|---|
| exploit-db | www.exploit-db.com/exploits/38773/ |
| kb | www.kb.cert.org/vuls/id/BLUU-9ZDJWA |
| kb | www.kb.cert.org/vuls/id/391604 |
| securityfocus | www.securityfocus.com/bid/77421 |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| getpage | query param | /cgi-bin/webproc?getpage=html/index.html&var:menu=maintenance&var:page=accessctrl&var:subpage=accountpsd | By manipulating client-side request parameters, an attacker can access a password change function that should be restricted to non-admin users. | CWE-264 |
| var:menu | query param | /cgi-bin/webproc?getpage=html/index.html&var:menu=maintenance&var:page=accessctrl&var:subpage=accountpsd | By manipulating client-side request parameters, an attacker can access a password change function that should be restricted to non-admin users. | CWE-264 |
| var:page | query param | /cgi-bin/webproc?getpage=html/index.html&var:menu=maintenance&var:page=accessctrl&var:subpage=accountpsd | By manipulating client-side request parameters, an attacker can access a password change function that should be restricted to non-admin users. | CWE-264 |
| var:subpage | query param | /cgi-bin/webproc?getpage=html/index.html&var:menu=maintenance&var:page=accessctrl&var:subpage=accountpsd | By manipulating client-side request parameters, an attacker can access a password change function that should be restricted to non-admin users. | CWE-264 |
| obj:action | query param | /cgi-bin/webproc?getpage=html/index.html&var:menu=maintenance&var:page=accessctrl&var:subpage=accountpsd | By manipulating client-side request parameters, an attacker can access a password change function that should be restricted to non-admin users. | CWE-264 |
| %3Ausername | query param | /cgi-bin/webproc?getpage=html/index.html&var:menu=maintenance&var:page=accessctrl&var:subpage=accountpsd | By manipulating client-side request parameters, an attacker can access a password change function that should be restricted to non-admin users. | CWE-264 |
| %3Apassword | query param | /cgi-bin/webproc?getpage=html/index.html&var:menu=maintenance&var:page=accessctrl&var:subpage=accountpsd | By manipulating client-side request parameters, an attacker can access a password change function that should be restricted to non-admin users. | CWE-264 |
| %3Aaction | query param | /cgi-bin/webproc?getpage=html/index.html&var:menu=maintenance&var:page=accessctrl&var:subpage=accountpsd | By manipulating client-side request parameters, an attacker can access a password change function that should be restricted to non-admin users. | CWE-264 |
| %3Asessionid | query param | /cgi-bin/webproc?getpage=html/index.html&var:menu=maintenance&var:page=accessctrl&var:subpage=accountpsd | By manipulating client-side request parameters, an attacker can access a password change function that should be restricted to non-admin users. | CWE-264 |
| getpage | request body | /cgi-bin/webproc | Webproc getpage parameter accepts unrestricted file paths, enabling reading arbitrary files on the device (path traversal). | CWE-264 |
10
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
06 May 2026 22:30Current
6.7Medium risk
Vulners AI Score6.7
CVSS 34.9
CVSS 26.8
EPSS0.14508