Vulnerabilities > CVE-2015-7258 - Credentials Management vulnerability in ZTE Zxv10 W300 Firmware W300V2.1.0Fer7Peo57/W300V2.1.0Her7Peo57
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 2 | |
Hardware | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | ZTE ADSL ZXV10 W300 Modems - Multiple Vulnerabilities. CVE-2015-7257,CVE-2015-7258,CVE-2015-7259. Webapps exploit for hardware platform |
file | exploits/hardware/webapps/38772.txt |
id | EDB-ID:38772 |
last seen | 2016-02-04 |
modified | 2015-11-20 |
platform | hardware |
port | 80 |
published | 2015-11-20 |
reporter | Karn Ganeshen |
source | https://www.exploit-db.com/download/38772/ |
title | ZTE ADSL ZXV10 W300 Modems - Multiple Vulnerabilities |
type | webapps |
Packetstorm
data source https://packetstormsecurity.com/files/download/134493/zteadlzxv10w300-backdoordisclose.txt id PACKETSTORM:134493 last seen 2016-12-05 published 2015-11-20 reporter Karn Ganeshen source https://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html title ZTE ADSL ZXV10 W300 Authorization / Disclosure / Backdoor data source https://packetstormsecurity.com/files/download/134336/zteadsl-bypass.txt id PACKETSTORM:134336 last seen 2016-12-05 published 2015-11-14 reporter Karn Ganeshen source https://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html title ZTE ADSL Authorization Bypass / Information Disclosure