Vulnerabilities > CVE-2015-7251 - Credentials Management vulnerability in ZTE Zxhn H108N R1A Firmware Zte.Bhs.Zxhnh108Nr1A.Hpe
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 | |
Hardware | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | ZTE ZXHN H108N R1A, ZXV10 W300 Routers - Multiple Vulnerabilities. CVE-2015-7248,CVE-2015-7249,CVE-2015-7250,CVE-2015-7251,CVE-2015-7252,CVE-2015-8703. Webap... |
file | exploits/hardware/webapps/38773.txt |
id | EDB-ID:38773 |
last seen | 2016-02-04 |
modified | 2015-11-20 |
platform | hardware |
port | |
published | 2015-11-20 |
reporter | Karn Ganeshen |
source | https://www.exploit-db.com/download/38773/ |
title | ZTE ZXHN H108N R1A, ZXV10 W300 Routers - Multiple Vulnerabilities |
type | webapps |
Packetstorm
data source | https://packetstormsecurity.com/files/download/134492/ztezxhnh108n-traversaldisclose.txt |
id | PACKETSTORM:134492 |
last seen | 2016-12-05 |
published | 2015-11-20 |
reporter | Karn Ganeshen |
source | https://packetstormsecurity.com/files/134492/ZTE-ZXHN-H108N-R1A-ZXV10-W300-Traversal-Disclosure-Authorization.html |
title | ZTE ZXHN H108N R1A / ZXV10 W300 Traversal / Disclosure / Authorization |
References
- http://www.securityfocus.com/bid/77421
- http://www.securityfocus.com/bid/77421
- https://www.exploit-db.com/exploits/38773/
- https://www.exploit-db.com/exploits/38773/
- https://www.kb.cert.org/vuls/id/391604
- https://www.kb.cert.org/vuls/id/391604
- https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA
- https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA