20 matches found
VulnCheck KEV: CVE-2014-8357
backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf...
VulnCheck KEV: CVE-2014-9118
The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd...
CVE-2019-10677
Multiple Cross-Site Scripting XSS issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd name, /wlsecrefresh.wl wlWscCfgMethod, wlwscreg...
CVE-2019-10677
CVE-2019-10677 affects DASAN Zhone ZNID GPON 2426A EU (S3.1.285 and earlier). The flaw is a lack of proper validation/sanitization in the web interface, enabling Cross-Site Scripting via unsanitized GET parameters: /zhndnsdisplay.cmd (name) and /wlsecrefresh.wl (wlWscCfgMethod, wl_wsc_reg). Docum...
DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting Vulnerabilities
Exploit for hardware platform in category web applications Multiple Cross-Site Scripting XSS in the web interface of DASAN Zhone ZNID GPON 2426A EU version S3.1.285 application allows a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameters. Exploit Titl...
DASAN Zhone ZNID GPON 2426A EU Cross Site Scripting
Multiple Cross-Site Scripting XSS in the web interface of DASAN Zhone ZNID GPON 2426A EU version S3.1.285 application allows a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameters. Exploit Title: Multiple Cross-Site Scripting XSS in DASAN Zhone ZNID GP...
DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting
Multiple Cross-Site Scripting XSS in the web interface of DASAN Zhone ZNID GPON 2426A EU version S3.1.285 application allows a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameters. Exploit Title: Multiple Cross-Site Scripting XSS in DASAN Zhone ZNID GP...
CVE-2014-9118
The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd...
CVE-2014-8357
backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf...
Code injection
The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd...
CVE-2014-9118
CVE-2014-9118 affects Zhone zNID GPON 2426A (and related 24xx/42xx/26xx/28xx series) prior to S3.0.501. The issue is a command-injection vulnerability in the web admin portal: remote attackers can execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. Root cau...
CVE-2014-8357
backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf...
CVE-2014-8357
CVE-2014-8357 affects Zhone zNID GPON 2426A prior to S3.0.501. The web admin backupsettings.html exposes a sessionKey in the URL, enabling a remote attacker to retrieve all user passwords from backupsettings.conf via a getConfig action. This is supported by multiple connected sources noting an in...
CVE-2014-8357
backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf. Recent assessments: Assessed...
CVE-2014-9118
The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
Zhone Technologies zNID GPON Remote Code Execution Vulnerability
Zhone Technologies zNID GPON 24xx, 24xxA, 42xx, 42xxA, 26xx and 28xx are router products from Zhone Technologies, USA. A remote code execution vulnerability exists in the web administrator console of the Zhone Technologies zNID GPON, which allows remote attackers to submit a special request to...
ZHONE < S3.0.501 - Multiple Remote Code Execution Vulnerabilities
Vantage Point Security Advisory 2015-003 ======================================== Title: Multiple Remote Code Execution found in ZHONE Vendor: Zhone Vendor URL: http://www.zhone.com Device Model: ZHONE ZNID GPON 2426A 24xx, 24xxA, 42xx, 42xxA, 26xx, and 28xx series models Versions affected: Paper...
ZHONE ZNID GPON < 3.1.241 Multiple Vulnerabilities
ZHONE ZNID GPON is vulnerable to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ZHONE Remote Code Execution Exploit
ZHONE ZNID GPON 2426A versions prior to S3.0.501 suffer from buffer overflow vulnerabilities. Vantage Point Security Advisory 2015-003 ======================================== Title: Multiple Remote Code Execution found in ZHONE Vendor: Zhone Vendor URL: http://www.zhone.com Device Model: ZHONE...
Zhone Insecure Reference / Password Disclosure / Command Injection
Vantage Point Security Advisory 2015-002 ======================================== Title: Multiple Vulnerabilities found in ZHONE Vendor: Zhone Vendor URL: http://www.zhone.com Device Model: ZHONE ZNID GPON 2426A 24xx, 24xxA, 42xx, 42xxA, 26xx, and 28xx series models Versions affected: Summary:...