Published: 17/10/2017 Updated: 09/10/2018

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 905

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote malicious users to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dasanzhone znid_2426a_firmware -

Vantage Point Security Advisory 2015-002 ======================================== Title: Multiple Vulnerabilities found in ZHONE Vendor: Zhone Vendor URL: wwwzhonecom Device Model: ZHONE ZNID GPON 2426A (24xx, 24xxA, 42xx, 42xxA, 26xx, and 28xx series models) Versions affected: < S30501 Severity: Low to medium Vendor notified: Yes Re ...

Zhone ZNID GPON 2426A suffers from insecure direct object reference, password disclosure, command injection, cross site scripting, and privilege escalation vulnerabilities Versions prior to S30501 are affected ...

CWE-77 https://www.exploit-db.com/exploits/38453/http://seclists.org/fulldisclosure/2015/Oct/57 http://packetstormsecurity.com/files/133921/Zhone-Insecure-Reference-Password-Disclosure-Command-Injection.html http://www.securityfocus.com/archive/1/536663/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/38453/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-9118

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect