Vulnerabilities > CVE-2015-7251 - Credentials Management vulnerability in ZTE Zxhn H108N R1A Firmware Zte.Bhs.Zxhnh108Nr1A.Hpe

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
zte
CWE-255
critical
exploit available

Summary

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.

Vulnerable Configurations

Part Description Count
OS
Zte
1
Hardware
Zte
1

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionZTE ZXHN H108N R1A, ZXV10 W300 Routers - Multiple Vulnerabilities. CVE-2015-7248,CVE-2015-7249,CVE-2015-7250,CVE-2015-7251,CVE-2015-7252,CVE-2015-8703. Webap...
fileexploits/hardware/webapps/38773.txt
idEDB-ID:38773
last seen2016-02-04
modified2015-11-20
platformhardware
port
published2015-11-20
reporterKarn Ganeshen
sourcehttps://www.exploit-db.com/download/38773/
titleZTE ZXHN H108N R1A, ZXV10 W300 Routers - Multiple Vulnerabilities
typewebapps

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/134492/ztezxhnh108n-traversaldisclose.txt
idPACKETSTORM:134492
last seen2016-12-05
published2015-11-20
reporterKarn Ganeshen
sourcehttps://packetstormsecurity.com/files/134492/ZTE-ZXHN-H108N-R1A-ZXV10-W300-Traversal-Disclosure-Authorization.html
titleZTE ZXHN H108N R1A / ZXV10 W300 Traversal / Disclosure / Authorization