Vulnerability CVE-2014-0329


Published: 2014-02-04

Description:
The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.

See advisories in our WLB2 database:
Risk | Topic | Author | Date
High | ZTE ZXV10 W300 router contains hardcoded credentials | USCERT | 09.02.2014
High | ZTE ZXV10 W300 router contains hardcoded credentials exploit | Cesar Neira | 10.02.2014

Type: CWE-255 (Credentials Management)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete
Affected software:
ZTE -> Zxv10 w300

References:
http://www.kb.cert.org/vuls/id/228886
