Published: 20/11/2014 Updated: 08/09/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 510

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote malicious users to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zte zxhn_h108l_firmware 4.0.0d_zrq_gr4

# Exploit Title: ZTE ZXHN H108L Authentication Bypass # Date: 14/11/2014 # Exploit Author: Project Zero Labs (projectzerogr | labs@projectzerogr) # Vendor Homepage: wwwztecomcn # Version: ZXHN H108LV400d_ZRQ_GR4 # Tested on: ZTE ZXHN H108L # CVE : CVE-2014-8493 #Original post at projectzerogr/en/2014/11/zte-zxhn-h108l-aut ...

About the software ================== ZTE ZXHN H108L is provided by some large Greek ISPs to their subscribers Vulnerability Details ===================== CWMP configuration is accessible only through the Administrator account CWMP is a protocol widely used by ISPs worldwide for remote provisioning and troubleshooting their subscribers' equipm ...

CWE-264 http://www.exploit-db.com/exploits/35276 http://seclists.org/fulldisclosure/2014/Nov/46 http://packetstormsecurity.com/files/129139/ZTE-ZXHN-H108L-Access-Bypass.html https://projectzero.gr/en/2014/11/zte-zxhn-h108l-authentication-bypass/http://www.exploit-db.com/exploits/35272 https://exchange.xforce.ibmcloud.com/vulnerabilities/98733 https://nvd.nist.gov https://www.exploit-db.com/exploits/35272/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-8493

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect