Vulnerabilities > CVE-2014-8356 - Authorization Bypass Through User-Controlled Key vulnerability in Dasanzhone Znid 2426A Firmware
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 | |
Hardware | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | ZHONE < S3.0.501 - Multiple Vulnerabilities. CVE-2014-8356,CVE-2014-8357,CVE-2014-9118. Remote exploit for hardware platform |
file | exploits/hardware/remote/38453.txt |
id | EDB-ID:38453 |
last seen | 2016-02-04 |
modified | 2015-10-13 |
platform | hardware |
port | |
published | 2015-10-13 |
reporter | Lyon Yang |
source | https://www.exploit-db.com/download/38453/ |
title | ZHONE < S3.0.501 - Multiple Vulnerabilities |
type | remote |
Packetstorm
data source | https://packetstormsecurity.com/files/download/133921/VP-2015-002.txt |
id | PACKETSTORM:133921 |
last seen | 2016-12-05 |
published | 2015-10-12 |
reporter | Lyon Yang |
source | https://packetstormsecurity.com/files/133921/Zhone-Insecure-Reference-Password-Disclosure-Command-Injection.html |
title | Zhone Insecure Reference / Password Disclosure / Command Injection |
References
- http://packetstormsecurity.com/files/133921/Zhone-Insecure-Reference-Password-Disclosure-Command-Injection.html
- http://packetstormsecurity.com/files/133921/Zhone-Insecure-Reference-Password-Disclosure-Command-Injection.html
- http://seclists.org/fulldisclosure/2015/Oct/57
- http://seclists.org/fulldisclosure/2015/Oct/57
- https://www.exploit-db.com/exploits/38453/
- https://www.exploit-db.com/exploits/38453/