Vulnerabilities > CVE-2015-7251 - Credentials Management vulnerability in ZTE Zxhn H108N R1A Firmware Zte.Bhs.Zxhnh108Nr1A.Hpe

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

zte

CWE-255

critical

exploit available

NVD

Published: 2015-12-30

Updated: 2017-09-13

Summary

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.

Vulnerable Configurations

Part	Description	Count
OS	Zte ZTE Zxhn H108N R1A Firmware Zte.Bhs.Zxhnh108Nr1A.H_Pe	1
Hardware	Zte ZTE Zxhn H108N R1A *	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Exploit-Db

description	ZTE ZXHN H108N R1A, ZXV10 W300 Routers - Multiple Vulnerabilities. CVE-2015-7248,CVE-2015-7249,CVE-2015-7250,CVE-2015-7251,CVE-2015-7252,CVE-2015-8703. Webap...
file	exploits/hardware/webapps/38773.txt
id	EDB-ID:38773
last seen	2016-02-04
modified	2015-11-20
platform	hardware
port
published	2015-11-20
reporter	Karn Ganeshen
source	https://www.exploit-db.com/download/38773/
title	ZTE ZXHN H108N R1A, ZXV10 W300 Routers - Multiple Vulnerabilities
type	webapps

Packetstorm

data source	https://packetstormsecurity.com/files/download/134492/ztezxhnh108n-traversaldisclose.txt
id	PACKETSTORM:134492
last seen	2016-12-05
published	2015-11-20
reporter	Karn Ganeshen
source	https://packetstormsecurity.com/files/134492/ZTE-ZXHN-H108N-R1A-ZXV10-W300-Traversal-Disclosure-Authorization.html
title	ZTE ZXHN H108N R1A / ZXV10 W300 Traversal / Disclosure / Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Packetstorm

References