Vulnerabilities > ZTE > Zxv10 W300 Firmware

DATE CVE VULNERABILITY TITLE RISK
2020-02-20 CVE-2014-4019 Information Exposure vulnerability in ZTE Zxv10 W300 Firmware W300V1.0.0Azrdlk
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0.
network
low complexity
zte CWE-200
7.5
2017-08-24 CVE-2015-7259 Credentials Management vulnerability in ZTE Zxv10 W300 Firmware W300V2.1.0Fer7Peo57/W300V2.1.0Her7Peo57
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs.
network
low complexity
zte CWE-255
8.8
2017-08-24 CVE-2015-7258 Credentials Management vulnerability in ZTE Zxv10 W300 Firmware W300V2.1.0Fer7Peo57/W300V2.1.0Her7Peo57
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.
network
low complexity
zte CWE-255
8.8
2017-08-24 CVE-2015-7257 Weak Password Recovery Mechanism for Forgotten Password vulnerability in ZTE Zxv10 W300 Firmware W300V2.1.0Fer7Peo57/W300V2.1.0Her7Peo57
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin".
network
high complexity
zte CWE-640
7.5
2015-12-30 CVE-2015-8703 Information Exposure vulnerability in ZTE Zxhn H108N R1A Firmware and Zxv10 W300 Firmware
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248.
network
low complexity
zte CWE-200
6.5