cbcvebase.
CVE-2015-7248
published 2015-12-30

CVE-2015-7248: ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc…

PriorityP356high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
6.90%
93.3th percentile
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703.

Affected

2 ranges
VendorProductVersion rangeFixed in
ztezxhn_h108n_r1a_firmware<= zte.bhs.zxhnh108nr1a.h_pe
ztezxv10_w300_firmware<= w300v1.0.0f_er1_pe

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.