Vulnerabilities > CVE-2014-4018 - Credentials Management vulnerability in ZTE Zxv10 W300 and Zxv10 W300 Firmware
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
COMPLETE Availability impact
NONE Summary
The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 | |
| Hardware | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | ZTE WXV10 W300 - Multiple Vulnerabilities. CVE-2014-4018,CVE-2014-4019,CVE-2014-4154,CVE-2014-4155. Webapps exploit for hardware platform |
| file | exploits/hardware/webapps/33803.txt |
| id | EDB-ID:33803 |
| last seen | 2016-02-03 |
| modified | 2014-06-18 |
| platform | hardware |
| port | |
| published | 2014-06-18 |
| reporter | Osanda Malith |
| source | https://www.exploit-db.com/download/33803/ |
| title | ZTE WXV10 W300 - Multiple Vulnerabilities |
| type | webapps |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/127129/ztewxv10-defaultdisclosecsrfdos.txt |
| id | PACKETSTORM:127129 |
| last seen | 2016-12-05 |
| published | 2014-06-17 |
| reporter | Osanda Malith |
| source | https://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html |
| title | ZTE WXV10 W300 Disclosure / CSRF / Default |
Seebug
| bulletinFamily | exploit |
| description | No description provided by source. |
| id | SSV:86988 |
| last seen | 2017-11-19 |
| modified | 2014-07-01 |
| published | 2014-07-01 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-86988 |
| title | ZTE WXV10 W300 - Multiple Vulnerabilities |