Lucene search

[email protected]CVE-2015-7251

HistoryDec 30, 2015 - 5:59 a.m.

CVE-2015-7251

2015-12-3005:59:04

CWE-255

[email protected]

web.nvd.nist.gov

cve-2015-7251

zte

zxhn h108n r1a

hardcoded password

remote attackers

administrative access

telnet session

vulnerability

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.7%

JSON

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.

Affected configurations

NVD

Node

ztezxhn_h108n_r1a_firmwareRange≤zte.bhs.zxhnh108nr1a.h_pe

AND

ztezxhn_h108n_r1a

CPENameOperatorVersion
zte:zxhn_h108n_r1a_firmwarezte zxhn h108n r1a firmwarelezte.bhs.zxhnh108nr1a.h_pe

CPE	Name	Operator	Version
zte:zxhn_h108n_r1a_firmware	zte zxhn h108n r1a firmware	le	zte.bhs.zxhnh108nr1a.h_pe

References

www.securityfocus.com/bid/77421

www.exploit-db.com/exploits/38773/

www.kb.cert.org/vuls/id/391604

www.kb.cert.org/vuls/id/BLUU-9ZDJWA

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.7%

JSON

Related for CVE-2015-7251

prion1 nvd1 cvelist1 zdt1 cert1 packetstorm1 exploitpack1 openvas1 exploitdb1