Vulnerabilites related to zte - hg110
Vulnerability from fkie_nvd
Published
2017-08-29 15:29
Modified
2024-11-21 02:36
Severity ?
Summary
ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/566724 | Mitigation, Third Party Advisory, US Government Resource | |
| cret@cert.org | https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93 | Third Party Advisory | |
| cret@cert.org | https://www.kb.cert.org/vuls/id/BLUU-A2NQYR | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/566724 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/BLUU-A2NQYR | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zte | ox-330p_firmware | - | |
| zte | ox-330p | - | |
| zte | zxhn_h108n_firmware | - | |
| zte | zxhn_h108n | - | |
| zte | w300v1.0.0s_zrd_tr1_d68_firmware | - | |
| zte | w300v1.0.0s_zrd_tr1_d68 | - | |
| zte | hg110_firmware | - | |
| zte | hg110 | - | |
| zte | gan9.8t101a-b_firmware | - | |
| zte | gan9.8t101a-b | - | |
| zte | mf28g_firmware | - | |
| zte | mf28g | - | |
| zte | zxhn_h108n_firmware | - | |
| zte | zxhn_h108n | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zte:ox-330p_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "EB20B496-6386-49B4-9103-45729D61F435", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zte:ox-330p:-:*:*:*:*:*:*:*", matchCriteriaId: "952793D7-1F57-42F3-9379-F9A31289E4AE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zte:zxhn_h108n_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "A4D2542D-8293-415B-903E-2F21F0D76B1D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zte:zxhn_h108n:-:*:*:*:*:*:*:*", matchCriteriaId: "6094FC9D-0E19-499B-8D3E-7C1BF5D7FEBD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zte:w300v1.0.0s_zrd_tr1_d68_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "499B358C-5391-4BD4-AE41-CF5FBE7275D7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zte:w300v1.0.0s_zrd_tr1_d68:-:*:*:*:*:*:*:*", matchCriteriaId: "913EF52F-FF31-4CC7-B875-4998D00C4DE2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zte:hg110_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "807D447D-DEC7-4C57-8DC2-6331CDF0E5D2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zte:hg110:-:*:*:*:*:*:*:*", matchCriteriaId: "D5230DF2-DBBB-4056-B4BD-582AD0E57452", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zte:gan9.8t101a-b_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "ABF80049-ED6B-4161-AA35-1460E1EA7E50", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zte:gan9.8t101a-b:-:*:*:*:*:*:*:*", matchCriteriaId: "1C73083E-D6FA-4AB2-8C21-22101232AC67", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zte:mf28g_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "5C233563-DBCE-4DC5-B28C-C7EFABDB11D4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zte:mf28g:-:*:*:*:*:*:*:*", matchCriteriaId: "5EAFEC2D-3EBF-43D8-A662-A8D206A1E885", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:zte:zxhn_h108n_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "A4D2542D-8293-415B-903E-2F21F0D76B1D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:zte:zxhn_h108n:-:*:*:*:*:*:*:*", matchCriteriaId: "6094FC9D-0E19-499B-8D3E-7C1BF5D7FEBD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.", }, { lang: "es", value: "ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, y ZXHN H108N utilizan certificados X.509 no únicos y claves de host SSH, lo que puede permitir a los atacantes remotos que obtengan credenciales u otra información sensible a través de un ataque Man-in-the-Middle (MitM), un ataque de descifrado pasivo o mediante la suplantación de un dispositivo legítimo.", }, ], id: "CVE-2015-7255", lastModified: "2024-11-21T02:36:26.760", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-08-29T15:29:00.517", references: [ { source: "cret@cert.org", tags: [ "Mitigation", "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/566724", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", ], url: "https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93", }, { source: "cret@cert.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/BLUU-A2NQYR", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/566724", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/BLUU-A2NQYR", }, ], sourceIdentifier: "cret@cert.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
CVE-2015-7255 (GCVE-0-2015-7255)
Vulnerability from cvelistv5
Published
2017-08-29 15:00
Modified
2024-08-06 07:43
Severity ?
EPSS score ?
Summary
ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/566724 | third-party-advisory, x_refsource_CERT-VN | |
| https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93 | x_refsource_MISC | |
| https://www.kb.cert.org/vuls/id/BLUU-A2NQYR | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:43:46.050Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VU#566724", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/566724", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/BLUU-A2NQYR", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-11-25T00:00:00", descriptions: [ { lang: "en", value: "ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-29T14:57:02", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { name: "VU#566724", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/566724", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93", }, { tags: [ "x_refsource_MISC", ], url: "https://www.kb.cert.org/vuls/id/BLUU-A2NQYR", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cert@cert.org", ID: "CVE-2015-7255", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "VU#566724", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/566724", }, { name: "https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93", refsource: "MISC", url: "https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93", }, { name: "https://www.kb.cert.org/vuls/id/BLUU-A2NQYR", refsource: "MISC", url: "https://www.kb.cert.org/vuls/id/BLUU-A2NQYR", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2015-7255", datePublished: "2017-08-29T15:00:00", dateReserved: "2015-09-18T00:00:00", dateUpdated: "2024-08-06T07:43:46.050Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
var-201708-0143
Vulnerability from variot
ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device. The encryption key is hard-coded (CWE-321) SEC Consult of Stefan Viehböck According to the survey, many embedded devices are not unique X.509 Certificate and SSH It is said that it is accessible from the Internet using a host key. A hard-coded key in a firmware image or a repository stored by scanning the Internet scans.io ( In particular SSH And the result of SSL Certificate ) A device that uses a certificate whose fingerprint matches the data of can be determined to be vulnerable. Affected devices include household routers and IP From the camera VoIP Wide range of products. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html scans.io https://scans.io/ SSH Result of https://scans.io/series/ssh-rsa-full-ipv4 SSL Certificate https://scans.io/study/sonar.ssl In many vulnerable devices, certificate and key reuse is limited to a limited product line by a specific developer, but there are several examples where multiple developers use the same certificate or key. Or exist. These are common SDK Firmware developed using, or ISP Provided by OEM The root cause is the use of device firmware. Vulnerable equipment is impersonation and intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. Perhaps the attacker can obtain authentication information and other sensitive information and use it for further attacks. Survey results and certificates SSH For more information on systems affected by host key issues, see SEC Consult See the blog post. As a result, confidential information may be leaked. ZTEOX-330P and others are wireless router products of China ZTE Corporation (ZTE). An information disclosure vulnerability exists in several ZTE products. The following products are affected: ZTE OX-330P; ZXHN H108N; W300V1.0.0S_ZRD_TR1_D68; HG110; GAN9.8T101A-B; MF28G;
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201708-0143", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "ox-330p", scope: "eq", trust: 1.6, vendor: "zte", version: null, }, { model: "zxhn h108n", scope: "eq", trust: 1.6, vendor: "zte", version: null, }, { model: "hg110", scope: "eq", trust: 1.6, vendor: "zte", version: null, }, { model: "gan9.8t101a-b", scope: "eq", trust: 1.6, vendor: "zte", version: null, }, { model: "mf28g", scope: "eq", trust: 1.6, vendor: "zte", version: null, }, { model: "w300v1.0.0s zrd tr1 d68", scope: "eq", trust: 1.6, vendor: "zte", version: null, }, { model: "zxhn h108n", scope: null, trust: 1.2, vendor: "zte", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "actiontec", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "cisco", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "d link", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "general electric", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "huawei", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "netcomm", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "sierra", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "technicolor", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "ubiquiti", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "unify", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "zte", version: null, }, { model: null, scope: null, trust: 0.8, vendor: "zyxel", version: null, }, { model: "c1000z", scope: null, trust: 0.8, vendor: "zyxel", version: null, }, { model: "fr1000z", scope: null, trust: 0.8, vendor: "zyxel", version: null, }, { model: "gs1900-24", scope: null, trust: 0.8, vendor: "zyxel", version: null, }, { model: "gs1900-8", scope: null, trust: 0.8, vendor: "zyxel", version: null, }, { model: "nwa1100-n", scope: null, trust: 0.8, vendor: "zyxel", version: null, }, { model: "nwa1100-nh", scope: null, trust: 0.8, vendor: "zyxel", version: null, }, { model: "nwa1121-ni", scope: null, trust: 0.8, vendor: "zyxel", version: null, }, { model: "nwa1123-ac", scope: null, trust: 0.8, vendor: "zyxel", version: null, }, { model: "nwa1123-ni", scope: null, trust: 0.8, vendor: "zyxel", version: null, }, { model: "p-660hn-51", scope: null, trust: 0.8, vendor: "zyxel", version: null, }, { model: "p-663hn-51", scope: null, trust: 0.8, vendor: "zyxel", version: null, }, { model: "p8702n", scope: null, trust: 0.8, vendor: "zyxel", version: null, }, { model: "pmg5318-b20a", scope: null, trust: 0.8, vendor: "zyxel", version: null, }, { model: "q1000", scope: null, trust: 0.8, vendor: "zyxel", version: null, }, { model: "sbg3300-n000", scope: null, trust: 0.8, vendor: "zyxel", version: null, }, { model: "sbg3300-nb00", scope: null, trust: 0.8, vendor: "zyxel", version: null, }, { model: "sbg3500-n000", scope: null, trust: 0.8, vendor: "zyxel", version: null, }, { model: "vmg1312-b10a", scope: null, trust: 0.8, vendor: "zyxel", version: null, }, { model: "vmg1312-b30a", scope: null, trust: 0.8, vendor: "zyxel", version: null, }, { model: "vmg1312-b30b", scope: null, trust: 0.8, vendor: "zyxel", version: null, }, { model: "vmg4380-b10a", scope: null, trust: 0.8, vendor: "zyxel", version: null, }, { model: "vmg8324-b10a", scope: null, trust: 0.8, vendor: "zyxel", version: null, }, { model: "vmg8924-b10a", scope: null, trust: 0.8, vendor: "zyxel", version: null, }, { model: "vmg8924-b30a", scope: null, trust: 0.8, vendor: "zyxel", version: null, }, { model: "vsg1435-b101", scope: null, trust: 0.8, vendor: "zyxel", version: null, }, { model: "", scope: null, trust: 0.8, vendor: "multiple vendors", version: null, }, { model: "ox-330p", scope: null, trust: 0.6, vendor: "zte", version: null, }, { model: "w300v1.0.0s zrd tr1 d68", scope: null, trust: 0.6, vendor: "zte", version: null, }, { model: "hg110", scope: null, trust: 0.6, vendor: "zte", version: null, }, { model: "gan9.8t101a-b", scope: null, trust: 0.6, vendor: "zte", version: null, }, { model: "mf28g", scope: null, trust: 0.6, vendor: "zte", version: null, }, ], sources: [ { db: "CERT/CC", id: "VU#566724", }, { db: "CNVD", id: "CNVD-2017-33516", }, { db: "JVNDB", id: "JVNDB-2015-006907", }, { db: "NVD", id: "CVE-2015-7255", }, { db: "CNNVD", id: "CNNVD-201708-1334", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:zte:ox-330p_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:zte:ox-330p:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:zte:zxhn_h108n_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:zte:zxhn_h108n:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:zte:w300v1.0.0s_zrd_tr1_d68_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:zte:w300v1.0.0s_zrd_tr1_d68:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:zte:hg110_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:zte:hg110:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:zte:gan9.8t101a-b_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:zte:gan9.8t101a-b:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:zte:mf28g_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:zte:mf28g:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:zte:zxhn_h108n_firmware:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:zte:zxhn_h108n:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2015-7255", }, ], }, cve: "CVE-2015-7255", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2015-7255", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CNVD-2017-33516", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "VHN-85216", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2015-7255", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2015-7255", trust: 0.8, value: "Medium", }, { author: "CNVD", id: "CNVD-2017-33516", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201708-1334", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-85216", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2017-33516", }, { db: "VULHUB", id: "VHN-85216", }, { db: "JVNDB", id: "JVNDB-2015-006907", }, { db: "NVD", id: "CVE-2015-7255", }, { db: "CNNVD", id: "CNNVD-201708-1334", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device. The encryption key is hard-coded (CWE-321) SEC Consult of Stefan Viehböck According to the survey, many embedded devices are not unique X.509 Certificate and SSH It is said that it is accessible from the Internet using a host key. A hard-coded key in a firmware image or a repository stored by scanning the Internet scans.io ( In particular SSH And the result of SSL Certificate ) A device that uses a certificate whose fingerprint matches the data of can be determined to be vulnerable. Affected devices include household routers and IP From the camera VoIP Wide range of products. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html scans.io https://scans.io/ SSH Result of https://scans.io/series/ssh-rsa-full-ipv4 SSL Certificate https://scans.io/study/sonar.ssl In many vulnerable devices, certificate and key reuse is limited to a limited product line by a specific developer, but there are several examples where multiple developers use the same certificate or key. Or exist. These are common SDK Firmware developed using, or ISP Provided by OEM The root cause is the use of device firmware. Vulnerable equipment is impersonation and intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. Perhaps the attacker can obtain authentication information and other sensitive information and use it for further attacks. Survey results and certificates SSH For more information on systems affected by host key issues, see SEC Consult See the blog post. As a result, confidential information may be leaked. ZTEOX-330P and others are wireless router products of China ZTE Corporation (ZTE). An information disclosure vulnerability exists in several ZTE products. The following products are affected: ZTE OX-330P; ZXHN H108N; W300V1.0.0S_ZRD_TR1_D68; HG110; GAN9.8T101A-B; MF28G;", sources: [ { db: "NVD", id: "CVE-2015-7255", }, { db: "CERT/CC", id: "VU#566724", }, { db: "JVNDB", id: "JVNDB-2015-006907", }, { db: "CNVD", id: "CNVD-2017-33516", }, { db: "VULHUB", id: "VHN-85216", }, ], trust: 2.97, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "CERT/CC", id: "VU#566724", trust: 3.9, }, { db: "NVD", id: "CVE-2015-7255", trust: 3.1, }, { db: "JVN", id: "JVNVU96100360", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2015-006907", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201708-1334", trust: 0.7, }, { db: "CNVD", id: "CNVD-2017-33516", trust: 0.6, }, { db: "VULHUB", id: "VHN-85216", trust: 0.1, }, ], sources: [ { db: "CERT/CC", id: "VU#566724", }, { db: "CNVD", id: "CNVD-2017-33516", }, { db: "VULHUB", id: "VHN-85216", }, { db: "JVNDB", id: "JVNDB-2015-006907", }, { db: "NVD", id: "CVE-2015-7255", }, { db: "CNNVD", id: "CNNVD-201708-1334", }, ], }, id: "VAR-201708-0143", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2017-33516", }, { db: "VULHUB", id: "VHN-85216", }, ], trust: 1.2870330757142856, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-33516", }, ], }, last_update_date: "2023-12-18T12:57:18.133000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Zyxel to Fix SSH Private Key and Certificate Vulnerability (CVE-2015-7256)", trust: 0.8, url: "http://www.zyxel.com/support/announcement_ssh_private_key_and_certificate_vulnerability.shtml", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2015-006907", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-200", trust: 1.1, }, ], sources: [ { db: "VULHUB", id: "VHN-85216", }, { db: "NVD", id: "CVE-2015-7255", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 3.1, url: "http://www.kb.cert.org/vuls/id/566724", }, { trust: 1.7, url: "https://www.kb.cert.org/vuls/id/bluu-a2nqyr", }, { trust: 1.6, url: "http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html", }, { trust: 1.6, url: "https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%e2%9c%93", }, { trust: 0.8, url: "http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html", }, { trust: 0.8, url: "https://www.sec-consult.com/download/certificates.html", }, { trust: 0.8, url: "https://www.sec-consult.com/download/ssh_host_keys.html", }, { trust: 0.8, url: "https://scans.io/", }, { trust: 0.8, url: "https://scans.io/series/ssh-rsa-full-ipv4", }, { trust: 0.8, url: "https://scans.io/study/sonar.ssl", }, { trust: 0.8, url: "https://censys.io", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6358", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7255", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7256", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7276", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8251", }, { trust: 0.8, url: "http://jvn.jp/vu/jvnvu96100360/index.html", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7256", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2015-6358", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7255", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7276", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2015-8251", }, { trust: 0.1, url: "https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%e2%9c%93", }, ], sources: [ { db: "CERT/CC", id: "VU#566724", }, { db: "CNVD", id: "CNVD-2017-33516", }, { db: "VULHUB", id: "VHN-85216", }, { db: "JVNDB", id: "JVNDB-2015-006907", }, { db: "NVD", id: "CVE-2015-7255", }, { db: "CNNVD", id: "CNNVD-201708-1334", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CERT/CC", id: "VU#566724", }, { db: "CNVD", id: "CNVD-2017-33516", }, { db: "VULHUB", id: "VHN-85216", }, { db: "JVNDB", id: "JVNDB-2015-006907", }, { db: "NVD", id: "CVE-2015-7255", }, { db: "CNNVD", id: "CNNVD-201708-1334", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2015-11-25T00:00:00", db: "CERT/CC", id: "VU#566724", }, { date: "2017-11-10T00:00:00", db: "CNVD", id: "CNVD-2017-33516", }, { date: "2017-08-29T00:00:00", db: "VULHUB", id: "VHN-85216", }, { date: "2016-02-29T00:00:00", db: "JVNDB", id: "JVNDB-2015-006907", }, { date: "2017-08-29T15:29:00.517000", db: "NVD", id: "CVE-2015-7255", }, { date: "2017-08-29T00:00:00", db: "CNNVD", id: "CNNVD-201708-1334", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-09-06T00:00:00", db: "CERT/CC", id: "VU#566724", }, { date: "2017-11-10T00:00:00", db: "CNVD", id: "CNVD-2017-33516", }, { date: "2017-09-12T00:00:00", db: "VULHUB", id: "VHN-85216", }, { date: "2018-02-28T00:00:00", db: "JVNDB", id: "JVNDB-2015-006907", }, { date: "2017-09-12T15:56:48.910000", db: "NVD", id: "CVE-2015-7255", }, { date: "2017-10-09T00:00:00", db: "CNNVD", id: "CNNVD-201708-1334", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201708-1334", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Embedded devices use non-unique X.509 certificates and SSH host keys", sources: [ { db: "CERT/CC", id: "VU#566724", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "information disclosure", sources: [ { db: "CNNVD", id: "CNNVD-201708-1334", }, ], trust: 0.6, }, }