3 matches found
CVE-2014-4154
ZTE ZXV10 W300 router with firmware W300V1.0.0aZRDLK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js...
CVE-2014-4154
The CVE-2014-4154 entry concerns the ZTE ZXV10 W300 router (firmware W300V1.0.0a_ZRD_LK). The issue is improper access control that stores sensitive information under the web root, enabling remote attackers to retrieve the PPPoE/PPPoA password via a direct request to basic/tc2wanfun.js. The docum...
ZTE WXV10 W300 Disclosure / CSRF / Default
Exploit Title: ZTE WXV10 W300 Multiple Vulnerabilities Date: 17-05-2014 Server Version: RomPager/4.07 UPnP/1.0 Tested Routers: ZTE ZXV10 W300 Firmware: W300V1.0.0aZRDLK ADSL Firmware: FwVer:3.11.2.175TC3086 HwVer:T14.F75.0 Tested on: Kali Linux x8664 Exploit Author: Osanda Malith Jayathissa...