Vulnerabilities > CVE-2014-8356 - Authorization Bypass Through User-Controlled Key vulnerability in Dasanzhone Znid 2426A Firmware
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 | |
Hardware | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | ZHONE < S3.0.501 - Multiple Vulnerabilities. CVE-2014-8356,CVE-2014-8357,CVE-2014-9118. Remote exploit for hardware platform |
file | exploits/hardware/remote/38453.txt |
id | EDB-ID:38453 |
last seen | 2016-02-04 |
modified | 2015-10-13 |
platform | hardware |
port | |
published | 2015-10-13 |
reporter | Lyon Yang |
source | https://www.exploit-db.com/download/38453/ |
title | ZHONE < S3.0.501 - Multiple Vulnerabilities |
type | remote |
Packetstorm
data source | https://packetstormsecurity.com/files/download/133921/VP-2015-002.txt |
id | PACKETSTORM:133921 |
last seen | 2016-12-05 |
published | 2015-10-12 |
reporter | Lyon Yang |
source | https://packetstormsecurity.com/files/133921/Zhone-Insecure-Reference-Password-Disclosure-Command-Injection.html |
title | Zhone Insecure Reference / Password Disclosure / Command Injection |