cbcvebase.
CVE-2015-8703
published 2015-12-30

CVE-2015-8703: ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended…

PriorityP344medium6.5CVSS 3.0
AVNACLPRLUINSUCHINAN
EXPLOIT
EPSS
4.86%
90.9th percentile
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248.

Affected

2 ranges
VendorProductVersion rangeFixed in
ztezxhn_h108n_r1a_firmware<= zte.bhs.zxhnh108nr1a.h_pe
ztezxv10_w300_firmware<= w300v1.0.0f_er1_pe

CVSS provenance

nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.