
CVE-2015-7255

Published: 29/08/2017 Updated: 12/09/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote malicious users to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.

Vulnerable Product

zte ox-330p_firmware -

zte zxhn_h108n_firmware -

zte w300v1.0.0s_zrd_tr1_d68_firmware -

zte hg110_firmware -

zte gan9.8t101a-b_firmware -

zte mf28g_firmware -

Recent Articles

HTTPSohopeless: 26,000 Telstra Cisco boxen open to device hijacking
The Register • Darren Pauli • 27 Nov 2015

Embedded device mayhem as rivals share keys

More than 26,000 Cisco devices sold by Australia's dominant telco Telstra are open to hijacking via hardcoded SSH login keys and SSL certificates. The baked-in HTTPS server-side certificates and SSH host keys were found by Sec Consult during a study of thousands of router and Internet of Things gizmos. Cisco warns that miscreants who get hold of these certificates can decrypt web traffic to a router's built-in HTTPS web server via man-in-the-middle attacks. The web server is provided so people c...