Published: 21/11/2019 Updated: 04/12/2019

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 655

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dasanzhone znid_2426a_firmware

Vantage Point Security Advisory 2015-002 ======================================== Title: Multiple Vulnerabilities found in ZHONE Vendor: Zhone Vendor URL: wwwzhonecom Device Model: ZHONE ZNID GPON 2426A (24xx, 24xxA, 42xx, 42xxA, 26xx, and 28xx series models) Versions affected: < S30501 Severity: Low to medium Vendor notified: Yes Re ...

Zhone ZNID GPON 2426A suffers from insecure direct object reference, password disclosure, command injection, cross site scripting, and privilege escalation vulnerabilities Versions prior to S30501 are affected ...

CWE-639 http://seclists.org/fulldisclosure/2015/Oct/57 https://www.exploit-db.com/exploits/38453/http://packetstormsecurity.com/files/133921/Zhone-Insecure-Reference-Password-Disclosure-Command-Injection.html https://nvd.nist.gov https://www.exploit-db.com/exploits/38453/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-8356

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect