CVE-2015-7259

Published: 24/08/2017 Updated: 29/08/2017
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 905
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to log in to a target account via any of its username and password pairs.

Vulnerable Product

zte zxv10 w300 firmware w300v2.1.0f er7 pe o57

zte zxv10 w300 firmware w300v2.1.0h er7 pe o57

Exploits

# Exploit Title: [ZTE ADSL ZXV10 W300 modems - Multiple vulnerabilities]
# Discovered by: Karn Ganeshen
# Vendor Homepage: [www.zte.com.cn]
# Versions Reported: [W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57]
*CVE-ID*: CVE-2015-7257 CVE-2015-7258 CVE-2015-7259
*Note*: Large deployment size, primarily in Peru, used by TdP
1 *Insufficient aut ...
ZTE ADSL ZXV10 W300 modems suffer from insufficient authorization controls, information disclosure, and a backdoor account feature ...
ZTE ADSL modems suffer from authorization bypass and information disclosure vulnerabilities ...