Vulnerabilities > CVE-2014-4018 - Credentials Management vulnerability in ZTE Zxv10 W300 and Zxv10 W300 Firmware

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
COMPLETE
Availability impact
NONE
network
low complexity
zte
CWE-255
exploit available

Summary

The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.

Vulnerable Configurations

Part Description Count
OS
Zte
1
Hardware
Zte
1

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionZTE WXV10 W300 - Multiple Vulnerabilities. CVE-2014-4018,CVE-2014-4019,CVE-2014-4154,CVE-2014-4155. Webapps exploit for hardware platform
fileexploits/hardware/webapps/33803.txt
idEDB-ID:33803
last seen2016-02-03
modified2014-06-18
platformhardware
port
published2014-06-18
reporterOsanda Malith
sourcehttps://www.exploit-db.com/download/33803/
titleZTE WXV10 W300 - Multiple Vulnerabilities
typewebapps

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/127129/ztewxv10-defaultdisclosecsrfdos.txt
idPACKETSTORM:127129
last seen2016-12-05
published2014-06-17
reporterOsanda Malith
sourcehttps://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html
titleZTE WXV10 W300 Disclosure / CSRF / Default

Seebug

bulletinFamilyexploit
descriptionNo description provided by source.
idSSV:86988
last seen2017-11-19
modified2014-07-01
published2014-07-01
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-86988
titleZTE WXV10 W300 - Multiple Vulnerabilities