Vulnerabilities (CVE)

Filtered by vendor Zte Subscribe
Filtered by product Zxv10 W300 Firmware
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-8703 1 Zte 4 Zxhn H108n R1a, Zxhn H108n R1a Firmware, Zxv10 W300 and 1 more 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248.
CVE-2015-7259 1 Zte 2 Zxv10 W300, Zxv10 W300 Firmware 2024-11-21 9.0 HIGH 8.8 HIGH
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs.
CVE-2015-7258 1 Zte 2 Zxv10 W300, Zxv10 W300 Firmware 2024-11-21 9.0 HIGH 8.8 HIGH
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.
CVE-2015-7257 1 Zte 2 Zxv10 W300, Zxv10 W300 Firmware 2024-11-21 8.5 HIGH 7.5 HIGH
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin".
CVE-2014-4155 1 Zte 2 Zxv10 W300, Zxv10 W300 Firmware 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1.
CVE-2014-4154 1 Zte 2 Zxv10 W300, Zxv10 W300 Firmware 2024-11-21 5.0 MEDIUM N/A
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.
CVE-2014-4019 1 Zte 2 Zxv10 W300, Zxv10 W300 Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0.
CVE-2014-4018 1 Zte 2 Zxv10 W300, Zxv10 W300 Firmware 2024-11-21 7.8 HIGH N/A
The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.