
20 matches found

VulnCheck KEV
added 2022/04/13 12:0 a.m. | 4 views

VulnCheck KEV: CVE-2014-8357

backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf...

CVSS 8.8 | AI score 7.4 | EPSS 0.05441
Exploits: 4 | References: 1

VulnCheck KEV
added 2022/04/12 12:0 a.m. | 4 views

VulnCheck KEV: CVE-2014-9118

The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd...

CVSS 9 | AI score 7.6 | EPSS 0.53364
Exploits: 4 | References: 1

NVD
added 2019/09/05 2:15 p.m. | 29 views

CVE-2019-10677

Multiple Cross-Site Scripting (XSS) issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd (name), /wlsecrefresh.wl (wlWscCfgMethod, wl_wsc_reg...

CVSS 6.1 | AI score 6.1 | EPSS 0.07253
Exploits: 5 | References: 4

CVE
added 2019/09/05 1:23 p.m. | 77 views

CVE-2019-10677

CVE-2019-10677 affects DASAN Zhone ZNID GPON 2426A EU (S3.1.285 and earlier). The flaw is a lack of proper validation/sanitization in the web interface, enabling Cross-Site Scripting via unsanitized GET parameters: /zhndnsdisplay.cmd (name) and /wlsecrefresh.wl (wlWscCfgMethod, wl_wsc_reg). Docum...

CVSS 6.1 | AI score 6.1 | EPSS 0.07253
Exploits: 5 | References: 4 | Affected Software: 1

0day.today
added 2019/09/05 12:0 a.m. | 53 views

DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting Vulnerabilities

Exploit for hardware platform in category web applications. Multiple Cross-Site Scripting (XSS) in the web interface of DASAN Zhone ZNID GPON 2426A EU version S3.1.285 application allows a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameters. Exploit Titl...

CVSS 4.3 | EPSS 0.07253
Exploits: 5

Packet Storm
added 2019/09/04 12:0 a.m. | 297 views

DASAN Zhone ZNID GPON 2426A EU Cross Site Scripting

Multiple Cross-Site Scripting (XSS) in the web interface of DASAN Zhone ZNID GPON 2426A EU version S3.1.285 application allows a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameters. Exploit Title: Multiple Cross-Site Scripting (XSS) in DASAN Zhone ZNID GP...

AI score 6.4 | EPSS 0.07253
Exploits: 5

Exploit DB
added 2019/09/04 12:0 a.m. | 348 views

DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting

Multiple Cross-Site Scripting (XSS) in the web interface of DASAN Zhone ZNID GPON 2426A EU version S3.1.285 application allows a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameters. Exploit Title: Multiple Cross-Site Scripting (XSS) in DASAN Zhone ZNID GP...

CVSS 6.1 | AI score 6.5 | EPSS 0.07253
Exploits: 5

NVD
added 2017/10/17 4:29 p.m. | 18 views

CVE-2014-9118

The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd...

CVSS 9 | AI score 9.1 | EPSS 0.53364
Exploits: 4 | References: 4

NVD
added 2017/10/17 4:29 p.m. | 17 views

CVE-2014-8357

backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf...

CVSS 8.8 | AI score 8.6 | EPSS 0.05441
Exploits: 4 | References: 4

Prion
added 2017/10/17 4:29 p.m. | 16 views

Code injection

The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd...

CVSS 9 | AI score 8.2 | EPSS 0.53364
Exploits: 4 | References: 4

CVE
added 2017/10/17 4:0 p.m. | 183 views

CVE-2014-9118

CVE-2014-9118 affects Zhone zNID GPON 2426A (and related 24xx/42xx/26xx/28xx series) prior to S3.0.501. The issue is a command-injection vulnerability in the web admin portal: remote attackers can execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. Root cau...

CVSS 9 | AI score 9 | EPSS 0.53364
In wild | Exploits: 4 | References: 4 | Affected Software: 1

Cvelist
added 2017/10/17 4:0 p.m. | 21 views

CVE-2014-8357

backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf...

AI score 8.7 | EPSS 0.05441
Exploits: 4 | References: 4

CVE
added 2017/10/17 4:0 p.m. | 174 views

CVE-2014-8357

CVE-2014-8357 affects Zhone zNID GPON 2426A prior to S3.0.501. The web admin backupsettings.html exposes a sessionKey in the URL, enabling a remote attacker to retrieve all user passwords from backupsettings.conf via a getConfig action. This is supported by multiple connected sources noting an in...

CVSS 8.8 | AI score 8.5 | EPSS 0.05441
In wild | Exploits: 4 | References: 4 | Affected Software: 1

ATTACKERKB
added 2017/10/17 12:0 a.m. | 62 views

CVE-2014-8357

backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf. Recent assessments: Assessed...

CVSS 8.8 | AI score 8.3 | EPSS 0.05441
In wild | Exploits: 4 | References: 5

ATTACKERKB
added 2017/10/17 12:0 a.m. | 25 views

CVE-2014-9118

The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0 Assessed Attacker Value: 0...

CVSS 9 | AI score 9 | EPSS 0.53364
In wild | Exploits: 4 | References: 5

CNVD
added 2015/11/01 12:0 a.m. | 5 views

Zhone Technologies zNID GPON Remote Code Execution Vulnerability

Zhone Technologies zNID GPON 24xx, 24xxA, 42xx, 42xxA, 26xx and 28xx are router products from Zhone Technologies, USA. A remote code execution vulnerability exists in the web administrator console of the Zhone Technologies zNID GPON, which allows remote attackers to submit a special request to...

CVSS 9 | AI score 8.6 | EPSS 0.53364
Exploits: 4 | References: 1

Exploit DB
added 2015/10/16 12:0 a.m. | 40 views

ZHONE < S3.0.501 - Multiple Remote Code Execution Vulnerabilities

Vantage Point Security Advisory 2015-003
========================================
Title: Multiple Remote Code Execution found in ZHONE
Vendor: Zhone
Vendor URL: http://www.zhone.com
Device Model: ZHONE ZNID GPON 2426A 24xx, 24xxA, 42xx, 42xxA, 26xx, and 28xx series models
Versions affected: Paper...

AI score 7.4
Exploits: 0

OpenVAS
added 2015/10/15 12:0 a.m. | 31 views

ZHONE ZNID GPON < 3.1.241 Multiple Vulnerabilities

ZHONE ZNID GPON is vulnerable to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9 | AI score 6.9 | EPSS 0.53364
Exploits: 6 | References: 2

0day.today
added 2015/10/13 12:0 a.m. | 51 views

ZHONE Remote Code Execution Exploit

ZHONE ZNID GPON 2426A versions prior to S3.0.501 suffer from buffer overflow vulnerabilities.
Vantage Point Security Advisory 2015-003
========================================
Title: Multiple Remote Code Execution found in ZHONE
Vendor: Zhone
Vendor URL: http://www.zhone.com
Device Model: ZHONE...

AI score 7.5
Exploits: 0

Packet Storm
added 2015/10/12 12:0 a.m. | 78 views

Zhone Insecure Reference / Password Disclosure / Command Injection

Vantage Point Security Advisory 2015-002
========================================
Title: Multiple Vulnerabilities found in ZHONE
Vendor: Zhone
Vendor URL: http://www.zhone.com
Device Model: ZHONE ZNID GPON 2426A 24xx, 24xxA, 42xx, 42xxA, 26xx, and 28xx series models
Versions affected:
Summary:...

CVSS 7.7 | AI score 0.2 | EPSS 0.53364
Exploits: 6