Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Znid 2426a Firmware Security Vulnerabilities

cve
cve

CVE-2014-8356

The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference.

8.8CVSS

8.1AI Score

0.014EPSS

2019-11-21 10:15 PM
100
In Wild
cve
cve

CVE-2014-8357

backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf.

8.8CVSS

8.5AI Score

0.021EPSS

2017-10-17 04:29 PM
23
In Wild
cve
cve

CVE-2014-9118

The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd.

8.8CVSS

9AI Score

0.015EPSS

2017-10-17 04:29 PM
31
In Wild