Vulnerabilities > CVE-2015-7259 - Credentials Management vulnerability in ZTE Zxv10 W300 Firmware W300V2.1.0Fer7Peo57/W300V2.1.0Her7Peo57
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 2 | |
| Hardware | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | ZTE ADSL ZXV10 W300 Modems - Multiple Vulnerabilities. CVE-2015-7257,CVE-2015-7258,CVE-2015-7259. Webapps exploit for hardware platform |
| file | exploits/hardware/webapps/38772.txt |
| id | EDB-ID:38772 |
| last seen | 2016-02-04 |
| modified | 2015-11-20 |
| platform | hardware |
| port | 80 |
| published | 2015-11-20 |
| reporter | Karn Ganeshen |
| source | https://www.exploit-db.com/download/38772/ |
| title | ZTE ADSL ZXV10 W300 Modems - Multiple Vulnerabilities |
| type | webapps |
Packetstorm
data source https://packetstormsecurity.com/files/download/134493/zteadlzxv10w300-backdoordisclose.txt id PACKETSTORM:134493 last seen 2016-12-05 published 2015-11-20 reporter Karn Ganeshen source https://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html title ZTE ADSL ZXV10 W300 Authorization / Disclosure / Backdoor data source https://packetstormsecurity.com/files/download/134336/zteadsl-bypass.txt id PACKETSTORM:134336 last seen 2016-12-05 published 2015-11-14 reporter Karn Ganeshen source https://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html title ZTE ADSL Authorization Bypass / Information Disclosure
References
- http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html
- http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html
- http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html
- http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html
- http://seclists.org/fulldisclosure/2015/Nov/48
- http://seclists.org/fulldisclosure/2015/Nov/48
- https://www.exploit-db.com/exploits/38772/
- https://www.exploit-db.com/exploits/38772/