ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.
CPE | Name | Operator | Version |
---|---|---|---|
zxv10_w300_firmware | eq | 1.0.0-azrdlk |