Vulnerabilities > CVE-2015-7257 - Weak Password Recovery Mechanism for Forgotten Password vulnerability in ZTE Zxv10 W300 Firmware W300V2.1.0Fer7Peo57/W300V2.1.0Her7Peo57
Attack vector
NETWORK Attack complexity
HIGH Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin".
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 2 | |
Hardware | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Password Recovery Exploitation An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure. Most of them use only one security question . For instance, mother's maiden name tends to be a fairly popular one. Unfortunately in many cases this information is not very hard to find, especially if the attacker knows the legitimate user. These generic security questions are also re-used across many applications, thus making them even more insecure. An attacker could for instance overhear a coworker talking to a bank representative at the work place and supplying their mother's maiden name for verification purposes. An attacker can then try to log in into one of the victim's accounts, click on "forgot password" and there is a good chance that the security question there will be to provide mother's maiden name. A weak password recovery scheme totally undermines the effectiveness of a strong password scheme.
Exploit-Db
description | ZTE ADSL ZXV10 W300 Modems - Multiple Vulnerabilities. CVE-2015-7257,CVE-2015-7258,CVE-2015-7259. Webapps exploit for hardware platform |
file | exploits/hardware/webapps/38772.txt |
id | EDB-ID:38772 |
last seen | 2016-02-04 |
modified | 2015-11-20 |
platform | hardware |
port | 80 |
published | 2015-11-20 |
reporter | Karn Ganeshen |
source | https://www.exploit-db.com/download/38772/ |
title | ZTE ADSL ZXV10 W300 Modems - Multiple Vulnerabilities |
type | webapps |
Packetstorm
data source https://packetstormsecurity.com/files/download/134493/zteadlzxv10w300-backdoordisclose.txt id PACKETSTORM:134493 last seen 2016-12-05 published 2015-11-20 reporter Karn Ganeshen source https://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html title ZTE ADSL ZXV10 W300 Authorization / Disclosure / Backdoor data source https://packetstormsecurity.com/files/download/134336/zteadsl-bypass.txt id PACKETSTORM:134336 last seen 2016-12-05 published 2015-11-14 reporter Karn Ganeshen source https://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html title ZTE ADSL Authorization Bypass / Information Disclosure
References
- http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html
- http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html
- http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html
- http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html
- http://seclists.org/fulldisclosure/2015/Nov/48
- http://seclists.org/fulldisclosure/2015/Nov/48
- https://www.exploit-db.com/exploits/38772/
- https://www.exploit-db.com/exploits/38772/