Published: 24/08/2017 Updated: 30/08/2017

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 905

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zte zxv10_w300_firmware w300v2.1.0f_er7_pe_o57
zte zxv10_w300_firmware w300v2.1.0h_er7_pe_o57

# Exploit Title: [ZTE ADSL ZXV10 W300 modems - Multiple vulnerabilities] # Discovered by: Karn Ganeshen # Vendor Homepage: [wwwztecomcn] # Versions Reported: [W300V210f_ER7_PE_O57 and W300V210h_ER7_PE_O57] *CVE-ID*: CVE-2015-7257 CVE-2015-7258 CVE-2015-7259 *Note*: Large deployment size, primarily in Peru, used by TdP 1 *Insufficient aut ...

ZTE ADSL ZXV10 W300 modems suffer from insufficient authorization controls, information disclosure, and a backdoor account feature ...

ZTE ADSL modems suffer from authorization bypass and information disclosure vulnerabilities ...

CWE-255 https://www.exploit-db.com/exploits/38772/http://seclists.org/fulldisclosure/2015/Nov/48 http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html https://nvd.nist.gov https://www.exploit-db.com/exploits/38772/

CVE-2015-7258

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect