ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin".
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zte zxv10_w300_firmware w300v2.1.0f_er7_pe_o57 |
||
zte zxv10_w300_firmware w300v2.1.0h_er7_pe_o57 |