CVE-2015-7248
Published 2015-12-30
Priority: P3 · 56 · high · 7.5 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EXPLOIT
EPSS: 6.90% (93.3rd percentile)
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zte | zxhn_h108n_r1a_firmware | <= zte.bhs.zxhnh108nr1a.h_pe | — |
| zte | zxv10_w300_firmware | <= w300v1.0.0f_er1_pe | — |
CVSS provenance
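| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |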
GHSA
GHSA-8863-rmh9-4mvj: ZTE ZXHN H108N R1A devices before ZTE
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2015-8703 [HIGH] CWE-200 GHSA-8863-rmh9-4mvj: ZTE ZXHN H108N R1A devices before ZTE
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248.
GHSA
GHSA-63g3-7wjw-9cxg: ZTE ZXHN H108N R1A devices before ZTE
ghsa_unreviewed·2022-05-17·CVSS 6.5
CVE-2015-7248 [MEDIUM] CWE-200 GHSA-63g3-7wjw-9cxg: ZTE ZXHN H108N R1A devices before ZTE
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703.
No detection rules found.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/77421
https://www.exploit-db.com/exploits/38773/
https://www.kb.cert.org/vuls/id/391604
https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA
Published: 2015-12-30