VAR-201708-0146
Vulnerability from variot - Updated: 2023-12-18 12:37ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs. ZTE ADSL ZXV10 W300 Modems contain vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ZTEADSLZXV10W300 is an ADSL modem (Modem) product from China ZTE Corporation (ZTE). A security vulnerability exists in the ZTEADSLZXV10W300W300V2.1.0f_ER7_PE_O57 version and the W300V2.1.0h_ER7_PE_O57 version. There are security vulnerabilities in ZTE ADSL ZXV10 W300 W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57. Other functions may be vulnerable as well.
Expected behavior:
Only administrative 'admin' user should be able to change password for all the device users. 'support' is a diagnostic user with restricted privileges. It can change only its own password.
Vulnerability:
Any non-admin user can change 'admin' password.
Steps to reproduce:
a. Login as user 'support' password XXX
b. Access Password Change page - http:///password.htm
c. Submit request
d. Intercept and Tamper the parameter username change from 'support' to 'admin'
e. Enter the new password > old password is not requested > Submit
> Login as admin
-> Pwn!
2 Sensitive information disclosure - clear-text passwords
Displaying user information over Telnet connection, shows all valid users and their passwords in clear-text.
CVE-ID: CVE-2015-7258
Steps to reproduce:
$ telnet
Trying ...
Connected to .
Escape character is '^]'. It is possible to log in to device with either of the username/password combination.
CVE-ID: CVE-2015-7259
It is considered as a (redundant) login support feature.
Steps to reproduce:
$ telnet
Trying ...
Connected to .
Escape character is '^]'.
User Access Verification
User Access Verification
Username: admin
Password: <-- admin/password3
$sh
ADSL#login show
Username Password Priority
admin password1 2
support password2 0
admin password3 1
+++++
Best Regards,
Karn Ganeshen
Best Regards, Karn Ganeshen
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0146",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zxv10 w300",
"scope": "eq",
"trust": 2.4,
"vendor": "zte",
"version": "w300v2.1.0f_er7_pe_o57"
},
{
"model": "zxv10 w300",
"scope": "eq",
"trust": 2.4,
"vendor": "zte",
"version": "w300v2.1.0h_er7_pe_o57"
},
{
"model": "adsl zxv10 w300 w300v2.1.0f er7 pe o57",
"scope": null,
"trust": 0.6,
"vendor": "zte",
"version": null
},
{
"model": "adsl zxv10 w300 w300v2.1.0h er7 pe o57",
"scope": null,
"trust": 0.6,
"vendor": "zte",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28179"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007770"
},
{
"db": "NVD",
"id": "CVE-2015-7259"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1097"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zte:zxv10_w300_firmware:w300v2.1.0f_er7_pe_o57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zte:zxv10_w300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zte:zxv10_w300_firmware:w300v2.1.0h_er7_pe_o57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zte:zxv10_w300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7259"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "PACKETSTORM",
"id": "134336"
}
],
"trust": 0.1
},
"cve": "CVE-2015-7259",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-7259",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2017-28179",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-85220",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2015-7259",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7259",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-28179",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1097",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-85220",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28179"
},
{
"db": "VULHUB",
"id": "VHN-85220"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007770"
},
{
"db": "NVD",
"id": "CVE-2015-7259"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1097"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs. ZTE ADSL ZXV10 W300 Modems contain vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ZTEADSLZXV10W300 is an ADSL modem (Modem) product from China ZTE Corporation (ZTE). A security vulnerability exists in the ZTEADSLZXV10W300W300V2.1.0f_ER7_PE_O57 version and the W300V2.1.0h_ER7_PE_O57 version. There are security vulnerabilities in ZTE ADSL ZXV10 W300 W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57. Other functions may be\nvulnerable as well. \n\n*Expected behavior:*\n\nOnly administrative \u0027admin\u0027 user should be able to change password for all\nthe device users. \u0027support\u0027 is a diagnostic user with restricted\nprivileges. It can change only its own password. \n\n*Vulnerability:*\n\nAny non-admin user can change \u0027admin\u0027 password. \n\n\n*Steps to reproduce:*\n\na. Login as user \u0027support\u0027 password XXX\n\nb. Access Password Change page - http://\u003cIP\u003e/password.htm\n\nc. Submit request\n\nd. Intercept and Tamper the parameter \u00ad username \u00ad change from \u0027support\u0027 to\n\u0027admin\u0027\n\ne. Enter the new password \u00ad\u003e old password is not requested \u00ad\u003e Submit\n\n\u00ad\u003e Login as admin\n\n-\u003e Pwn!\n\n\n\n2 *Sensitive information disclosure - clear-text passwords*\n\nDisplaying user information over Telnet connection, shows all valid users\nand their passwords in clear\u00ad-text. \n\n*CVE-ID*: CVE-2015-7258\n\n*Steps to reproduce:*\n\n$ telnet \u003cIP\u003e\n\nTrying \u003cIP\u003e... \n\nConnected to \u003cIP\u003e. \n\nEscape character is \u0027^]\u0027. It is possible to log in to device with either of the\nusername/password combination. \n\n*CVE-ID*: CVE-2015-7259\n\nIt is considered as a (redundant) login support *feature*. \n\n\n*Steps to reproduce:*\n\n$ telnet \u003cIP\u003e\n\nTrying \u003cIP\u003e... \n\nConnected to \u003cIP\u003e. \n\nEscape character is \u0027^]\u0027. \n\nUser Access Verification\n\nUser Access Verification\n\nUsername: admin\n\nPassword: \u003c\u00ad--\u00ad\u00ad admin/password3\n\n$sh\n\nADSL#login show\n\nUsername Password Priority\n\nadmin password1 2\n\nsupport password2 0\n\nadmin password3 1\n\n+++++\n\nBest Regards,\n\nKarn Ganeshen\n-- \nBest Regards,\nKarn Ganeshen\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7259"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007770"
},
{
"db": "CNVD",
"id": "CNVD-2017-28179"
},
{
"db": "VULHUB",
"id": "VHN-85220"
},
{
"db": "PACKETSTORM",
"id": "134336"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-85220",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85220"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7259",
"trust": 3.2
},
{
"db": "EXPLOIT-DB",
"id": "38772",
"trust": 2.3
},
{
"db": "PACKETSTORM",
"id": "134336",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "134493",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007770",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1097",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-28179",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-85220",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28179"
},
{
"db": "VULHUB",
"id": "VHN-85220"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007770"
},
{
"db": "PACKETSTORM",
"id": "134336"
},
{
"db": "NVD",
"id": "CVE-2015-7259"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1097"
}
]
},
"id": "VAR-201708-0146",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28179"
},
{
"db": "VULHUB",
"id": "VHN-85220"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28179"
}
]
},
"last_update_date": "2023-12-18T12:37:18.912000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ZXV10 W300",
"trust": 0.8,
"url": "http://wwwen.zte.com.cn/pub/en/products/access/cpe/201111/t20111110_262340.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007770"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85220"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007770"
},
{
"db": "NVD",
"id": "CVE-2015-7259"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2015/nov/48"
},
{
"trust": 2.3,
"url": "https://www.exploit-db.com/exploits/38772/"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/134336/zte-adsl-authorization-bypass-information-disclosure.html"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/134493/zte-adsl-zxv10-w300-authorization-disclosure-backdoor.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7259"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7259"
},
{
"trust": 0.1,
"url": "http://\u003cip\u003e/password.htm"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7258"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7257"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28179"
},
{
"db": "VULHUB",
"id": "VHN-85220"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007770"
},
{
"db": "PACKETSTORM",
"id": "134336"
},
{
"db": "NVD",
"id": "CVE-2015-7259"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1097"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-28179"
},
{
"db": "VULHUB",
"id": "VHN-85220"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007770"
},
{
"db": "PACKETSTORM",
"id": "134336"
},
{
"db": "NVD",
"id": "CVE-2015-7259"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1097"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-28179"
},
{
"date": "2017-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-85220"
},
{
"date": "2017-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007770"
},
{
"date": "2015-11-14T13:33:33",
"db": "PACKETSTORM",
"id": "134336"
},
{
"date": "2017-08-24T20:29:00.473000",
"db": "NVD",
"id": "CVE-2015-7259"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1097"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-28179"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-85220"
},
{
"date": "2017-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007770"
},
{
"date": "2017-08-29T16:20:46.807000",
"db": "NVD",
"id": "CVE-2015-7259"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1097"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1097"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZTE ADSL ZXV10 W300 Vulnerability related to certificate / password management in modem",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007770"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1097"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…