ZTE ZXV10 W300 Firmware vulnerabilities
8 known vulnerabilities affecting zte/zxv10_w300_firmware.
Total CVEs: 8
CISA KEV: 0
Public exploits: 8
Exploited in wild: 1
Severity breakdown: HIGH 5, MEDIUM 3
Vulnerabilities
CVE-2014-4019 | P1 | HIGH | CVSS 7.5 | CWE-200 | Exploited | PoC | vw300v1.0.0a_zrd_lk | 2020-02-20
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0.
nvd
CVE-2015-7259 | P2 | HIGH | CVSS 8.8 | CWE-255 | PoC | vw300v2.1.0f_er7_pe_o57, vw300v2.1.0h_er7_pe_o57 | 2017-08-24
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs.
nvd
CVE-2015-7258 | P2 | HIGH | CVSS 8.8 | CWE-255 | PoC | vw300v2.1.0f_er7_pe_o57, vw300v2.1.0h_er7_pe_o57 | 2017-08-24
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.
nvd
CVE-2015-7257 | P3 | HIGH | CVSS 7.5 | CWE-640 | PoC | vw300v2.1.0f_er7_pe_o57, vw300v2.1.0h_er7_pe_o57 | 2017-08-24
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin".
nvd
CVE-2014-4018 | P3 | HIGH | CVSS 7.8 | CWE-255 | PoC | v1.0.0a_zrd_lk | 2014-07-16
The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.
nvd
CVE-2015-8703 | P3 | MEDIUM | CVSS 6.5 | PoC | ≤ w300v1.0.0f_er1_pe | 2015-12-30
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248.
nvd
CVE-2014-4154 | P3 | MEDIUM | CVSS 5.0 | CWE-264 | PoC | v1.0.0a_zrd_lk | 2014-07-16
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.
nvd
CVE-2014-4155 | P3 | MEDIUM | CVSS 6.8 | CWE-352 | PoC | v1.0.0a_zrd_lk | 2014-06-19
Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1.
nvd