EUVD-2014-4086

Malware in sbrugna...

CVE-2014-4019

ZTE ZXV10 W300 router with firmware W300V1.0.0aZRDLK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0...

Improper access control

ZTE ZXV10 W300 router with firmware W300V1.0.0aZRDLK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0...

CVE-2014-4019

CVE-2014-4019 affects ZTE ZXV10 W300 routers (firmware W300V1.0.0a_ZRD_LK). The issue is improper access control that allows remote attackers to read the ROM-0 backup file via a direct request, exposing sensitive router configuration/password data. Described in NVD as a network-attackable vulnera...

CVE-2014-4019

ZTE ZXV10 W300 router with firmware W300V1.0.0aZRDLK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0...

ZTE ADSL ZXV10 W300 Password Interception Vulnerability

The ZTE ADSL ZXV10 W300 is an ADSL modem Modem product from China's ZTE Corporation ZTE. A security vulnerability exists in the ZTE ADSL ZXV10 W300 W300V2.1.0fER7PEO57 version and W300V2.1.0hER7PEO57 version. A remote attacker can exploit this vulnerability to change the administrator password by...

ZTE ADSL ZXV10 W300 Information Disclosure Vulnerability

The ZTE ADSL ZXV10 W300 is an ADSL modem Modem product from China's ZTE Corporation ZTE. A security vulnerability exists in ZTE ADSL ZXV10 W300 W300V2.1.0fER7PEO57 and W300V2.1.0hER7PEO57. A remote attacker can exploit the vulnerability by logging into the target account with the help of arbitrar...

Default credentials

ZTE ADSL ZXV10 W300 modems W300V2.1.0fER7PEO57 and W300V2.1.0hER7PEO57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs...

CVE-2015-7258

ZTE ADSL ZXV10 W300 modems W300V2.1.0fER7PEO57 and W300V2.1.0hER7PEO57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection...

CVE-2015-7257

ZTE ADSL ZXV10 W300 modems W300V2.1.0fER7PEO57 and W300V2.1.0hER7PEO57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin"...

CVE-2015-7259

ZTE ADSL ZXV10 W300 modems W300V2.1.0fER7PEO57 and W300V2.1.0hER7PEO57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs...

Code injection

ZTE ADSL ZXV10 W300 modems W300V2.1.0fER7PEO57 and W300V2.1.0hER7PEO57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection...

CVE-2015-7257

ZTE ADSL ZXV10 W300 modems W300V2.1.0fER7PEO57 and W300V2.1.0hER7PEO57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin"...

CVE-2015-7259

ZTE ADSL ZXV10 W300 modems (W300V2.1.0f_ER7_PE_O57, W300V2.1.0h_ER7_PE_O57) expose an authentication flaw where a remote authenticated user can log in to a target account using any valid username/password pair, effectively enabling unauthorized access via multiple credential pairs (information di...

CVE-2015-7257

The CVE-2015-7257 entry concerns ZTE ADSL ZXV10 W300 modems (versions W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57). A remote authenticated non-administrator user can change the administrator password by intercepting an outgoing password-change request and tampering the username parameter fr...

CVE-2015-7259

ZTE ADSL ZXV10 W300 modems W300V2.1.0fER7PEO57 and W300V2.1.0hER7PEO57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs...

CVE-2015-7258

CVE-2015-7258 affects ZTE ADSL ZXV10 W300 modems (W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57). The CNVD/NVD entries describe an information-disclosure flaw where remote authenticated users can obtain user passwords by displaying user information in a Telnet connection. The root cause detai...

CVE-2015-7258

ZTE ADSL ZXV10 W300 modems W300V2.1.0fER7PEO57 and W300V2.1.0hER7PEO57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection...

Design/Logic Flaw

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.kPE and ZXV10 W300 devices W300V1.0.0fER1PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248...

CVE-2015-8703

CVE-2015-8703 affects ZTE ZXHN H108N R1A (before ZXHNH108NR1A.k_PE) and ZXV10 W300 (W300V1.0.0f_ER1_PE). Root cause: remote authenticated users can read the device configuration file to bypass access restrictions and discover credentials and keys. Impact: information disclosure (credentials/keys)...