Lucene search

PRIOn knowledge basePRION:CVE-2014-0329

HistoryFeb 04, 2014 - 5:39 a.m.

Hardcoded credentials

2014-02-0405:39:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.257 Low

EPSS

Percentile

96.6%

JSON

The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.

CPENameOperatorVersion
zxv10_w300eq2.1.0

CPE	Name	Operator	Version
	zxv10_w300	eq	2.1.0

References

blog.alguien.at/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html

osvdb.org/102816

packetstormsecurity.com/files/125142/ZTE-ZXV10-W300-Hardcoded-Credentials.html

www.kb.cert.org/vuls/id/228886

www.securityfocus.com/bid/65310

exchange.xforce.ibmcloud.com/vulnerabilities/90958

7.2 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.257 Low

EPSS

Percentile

96.6%

JSON

Related for PRION:CVE-2014-0329