CVE-2015-8703
published 2015-12-30CVE-2015-8703: ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended…
PriorityP344medium6.5CVSS 3.0
AVNACLPRLUINSUCHINAN
EXPLOIT
EPSS
4.86%
90.9th percentile
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zte | zxhn_h108n_r1a_firmware | <= zte.bhs.zxhnh108nr1a.h_pe | — |
| zte | zxv10_w300_firmware | <= w300v1.0.0f_er1_pe | — |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8863-rmh9-4mvj: ZTE ZXHN H108N R1A devices before ZTE
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2015-8703 [HIGH] CWE-200 GHSA-8863-rmh9-4mvj: ZTE ZXHN H108N R1A devices before ZTE
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248.
GHSA
GHSA-63g3-7wjw-9cxg: ZTE ZXHN H108N R1A devices before ZTE
ghsa_unreviewed·2022-05-17·CVSS 6.5
CVE-2015-7248 [MEDIUM] CWE-200 GHSA-63g3-7wjw-9cxg: ZTE ZXHN H108N R1A devices before ZTE
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703.
No detection rules found.
No writeups or analysis indexed.
2015-12-30
Published