CVE-2014-4019
Published 2020-02-20
CVE-2014-4019: ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote…
Priority P178 · high · 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 12.37% (95.7th percentile)
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zte | zxv10_w300_firmware | — | — |
Detection & IOCs (extracted from sources)
- Detect unauthenticated HTTP GET requests for the path /rom-0 — this file contains the router's compressed configuration including credentials and requires no authentication to retrieve.
- Monitor HTTP GET requests to /basic/tc2wanfun.js from unauthenticated or external sources; this JavaScript file exposes PPPoE/PPPoA credentials in plaintext after a user authenticates.
- Flag HTTP servers identifying as RomPager/4.07 as vulnerable; this server version is confirmed affected across ZTE and TP-Link devices.
- The exploit and IOCs use the default LAN gateway 192.168.1.1; the /rom-0 path is accessible on any IP the router is reachable from, including WAN-facing interfaces if remote management is enabled.
- Confirmed affected firmware is W300V1.0.0a_ZRD_LK on ZTE ZXV10 W300; other firmware versions on the same hardware may also be vulnerable but were not tested.
- The tc2wanfun.js credential exposure only persists until the next router restart; credentials are written to the JS file only after a successful user authentication session.
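The detection notes above can be applied to HTTP logs as follows. This is an added example, not a rule from this page or its sources; it assumes Common Log Format lines from a proxy or sensor that sees traffic to the router, and the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Paths and banner named in the detection notes above.
WATCHED_PATHS = {
    "/rom-0": "config backup request (CVE-2014-4019)",
    "/basic/tc2wanfun.js": "PPPoE/PPPoA credential script request",
}
VULNERABLE_BANNER = "RomPager/4.07"

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def normalize_path(target):
    """Drop scheme/host and query, decode %xx, collapse repeated slashes."""
    target = re.sub(r"^https?://[^/]+", "", target, flags=re.I)
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path)

def scan(lines):
    """Return one finding dict per GET request to a watched path."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m or m["method"] != "GET":
            continue
        path = normalize_path(m["target"])
        if path in WATCHED_PATHS:
            findings.append({
                "src": m["src"], "time": m["ts"], "path": path,
                "reason": WATCHED_PATHS[path],
                # A 200 with a non-empty body means the file was served.
                "served": m["status"] == "200" and m["size"] not in ("-", "0"),
            })
    return findings

def banner_is_affected(server_header):
    """True if an HTTP Server header reports the flagged RomPager version."""
    return VULNERABLE_BANNER.lower() in server_header.lower()

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2015:04:11:02 +0000] "GET /rom-0 HTTP/1.1" 200 16384',
    '203.0.113.7 - - [12/Mar/2015:04:11:05 +0000] "GET //rom-0?x=1 HTTP/1.1" 404 0',
    '192.168.1.20 - admin [12/Mar/2015:09:00:00 +0000] "GET /basic/tc2wanfun.js HTTP/1.1" 200 912',
    '192.168.1.20 - - [12/Mar/2015:09:00:01 +0000] "GET /index.html HTTP/1.1" 200 2048',
]
```

Findings with `served` set to true are the ones to triage first, since the response carried a body; a served /rom-0 response should be treated as disclosure of the configuration and its credentials.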
CVSS provenance
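| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vulncheck | — | 7.5 | HIGH | — |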
GHSA
GHSA-frhj-qp7x-f5j7: ZTE ZXV10 W300 router with firmware W300V1
ghsa_unreviewed·2022-05-17
CVE-2014-4019 [MEDIUM] GHSA-frhj-qp7x-f5j7: ZTE ZXV10 W300 router with firmware W300V1
VulnCheck
ZTE zxv10_w300_firmware Exposure of Sensitive Information to an Unauthorized Actor
vulncheck·2014·CVSS 7.5
CVE-2014-4019 [HIGH] ZTE zxv10_w300_firmware Exposure of Sensitive Information to an Unauthorized Actor
Affected: ZTE zxv10_w300_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://thepcn3rd.blogspot.com/2015/03/whats-in-honeypot-cve-2014-4019-attack.html
- http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html
- http://www.exploit-db.com/exploits/33803
- http://www.osvdb.org/102668
- https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/