Extreme Networks IQ Engine 安全漏洞

Extreme Networks IQ Engine is an engine by Extreme Networks, Inc. A security vulnerability exists in Extreme Networks IQ Engine versions prior to 10.6r1a and versions prior to 10.6r4 through 10.6r5, which originates from a buffer overflow in the ahwebui service...

CVE-2015-7252

Cross-site scripting XSS vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.kPE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter...

CVE-2015-7250

Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.kPE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter...

CVE-2015-7249

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.kPE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd action...

Hardcoded credentials

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.kPE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session...

Cross site scripting

Cross-site scripting XSS vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.kPE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter...

Path traversal

Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.kPE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter...

CVE-2015-7252

Cross-site scripting XSS vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.kPE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter...

CVE-2015-7248

CVE-2015-7248 affects ZTE ZXHN H108N R1A and ZXV10 W300 routers. The vulnerability enables information exposure by allowing remote attackers to read the cgi-bin/webproc HTML source and obtain usernames and password hashes. This is a separate issue from CVE-2015-8703. Public sources in the connect...

CVE-2015-7251

CVE-2015-7251 affects ZTE ZXHN H108N R1A routers (and related models) where the Telnet service uses hard-coded credentials, enabling an attacker with network access to log in as root and gain full control. The root account password is fixed as 'root' in affected firmwares (e.g., ZTE.bhs.ZXHNH108N...

CVE-2015-7251

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.kPE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session...

CVE-2015-7249

The provided connected sources document multiple CVEs (CVE-2015-7248 through CVE-2015-7252) affecting ZTE ZXHN H108N R1A (and related ZXV10 W300 variants). Affected components include the webproc CGI module and related pages, enabling: information exposure (credentials/config data in web sources ...

CVE-2015-7250

Affected devices: ZTE ZXHN H108N R1A and ZXV10 W300 routers. Vulnerability: CVE-2015-7250 — absolute path traversal in the webproc CGI module (cgi-bin/webproc) allows remote attackers to read arbitrary files via an unvalidated full pathname supplied to the getpage parameter. Root cause: unrestric...

CVE-2015-7249

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.kPE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd action...

CVE-2015-7252

The CVE-2015-7252 entry describes a reflected XSS in the ZTE ZXHN H108N R1A (and affected W300) devices’ webproc CGI, via the errorpage parameter. The vulnerability allows remote injection of script/HTML and could enable session-related issues or credential exposure as part of broader multi-CVE f...

CVE-2015-8703

CVE-2015-8703 affects ZTE ZXHN H108N R1A (before ZXHNH108NR1A.k_PE) and ZXV10 W300 (W300V1.0.0f_ER1_PE). Root cause: remote authenticated users can read the device configuration file to bypass access restrictions and discover credentials and keys. Impact: information disclosure (credentials/keys)...

ZTE ZXHN H108N R1A devices information disclosure vulnerability

The ZTE ZXHN H108N R1A is a wireless router product from China's ZTE Corporation. An information disclosure vulnerability exists in the ZTE ZXHN H108N R1A ZTE.bhs.ZXHNH108NR1A.hPE version and the ZXV10 W300 W300V1.0.0fER1PE. Allows remote attackers to bypass predetermined access rights and discov...

ZTE ZXHN H108N R1A ZXV10 W300 Routers - Multiple Vulnerabilities

ZTE ZXHN H108N R1A ZXV10 W300 Routers - Multiple Vulnerabilities Exploit Title: ZTE ZXHN H108N R1A + ZXV10 W300 routers - multiple vulnerabilities Discovered by: Karn Ganeshen CERT VU 391604 Vendor Homepage: www.zte.com.cn Versions Reported ZTE ZXHN H108N R1A - Software version ZTE.bhs.ZXHNH108NR...

ZTE ZXHN H108N R1A / ZXV10 W300 Traversal / Disclosure / Authorization

Exploit Title: ZTE ZXHN H108N R1A + ZXV10 W300 routers - multiple vulnerabilities Discovered by: Karn Ganeshen CERT VU 391604 Vendor Homepage: www.zte.com.cn Versions Reported ZTE ZXHN H108N R1A - Software version ZTE.bhs.ZXHNH108NR1A ZTE ZXV10 W300 - Software version - w300v1.0.0fER1PE Overview...

ZTE ZXHN H108N R1A Information Disclosure Vulnerability

The ZTE ZXHN H108N R1A is a wireless router product from China's ZTE Corporation. An information disclosure vulnerability exists in the ZTE ZXHN H108N R1A ZTE.bhs.ZXHNH108NR1A.hPE version and the ZXV10 W300 W300V1.0.0fER1PE, which allows remote attackers to exploit the vulnerability to obtain a...