Vulnerabilities > ZTE > Zxv10 W300 Firmware > 1.0.0a.zrd.lk
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-12-30 | CVE-2015-8703 | Information Exposure vulnerability in ZTE Zxhn H108N R1A Firmware and Zxv10 W300 Firmware ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248. | 4.0 |
2014-07-16 | CVE-2014-4154 | Permissions, Privileges, and Access Controls vulnerability in ZTE Zxv10 W300 and Zxv10 W300 Firmware ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js. | 5.0 |
2014-07-16 | CVE-2014-4018 | Credentials Management vulnerability in ZTE Zxv10 W300 and Zxv10 W300 Firmware The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors. | 7.8 |
2014-06-19 | CVE-2014-4155 | Cross-Site Request Forgery (CSRF) vulnerability in ZTE Zxv10 W300 and Zxv10 W300 Firmware Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1. | 6.8 |