Vulnerabilities > CVE-2015-7258 - Credentials Management vulnerability in ZTE Zxv10 W300 Firmware W300V2.1.0Fer7Peo57/W300V2.1.0Her7Peo57

047910
CVSS 9.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
zte
CWE-255
critical
exploit available

Summary

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionZTE ADSL ZXV10 W300 Modems - Multiple Vulnerabilities. CVE-2015-7257,CVE-2015-7258,CVE-2015-7259. Webapps exploit for hardware platform
fileexploits/hardware/webapps/38772.txt
idEDB-ID:38772
last seen2016-02-04
modified2015-11-20
platformhardware
port80
published2015-11-20
reporterKarn Ganeshen
sourcehttps://www.exploit-db.com/download/38772/
titleZTE ADSL ZXV10 W300 Modems - Multiple Vulnerabilities
typewebapps

Packetstorm