Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:h:zte:zxv10_w300:-:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-12695 |
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. Published: June 08, 2020; 1:15:09 PM -0400 |
V3.1: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2014-4019 |
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0. Published: February 20, 2020; 1:15:11 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-7259 |
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs. Published: August 24, 2017; 4:29:00 PM -0400 |
V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2015-7258 |
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection. Published: August 24, 2017; 4:29:00 PM -0400 |
V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2015-7257 |
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin". Published: August 24, 2017; 4:29:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 8.5 HIGH |
CVE-2014-4154 |
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js. Published: July 16, 2014; 10:19:03 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-4018 |
The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors. Published: July 16, 2014; 10:19:03 AM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2014-4155 |
Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1. Published: June 19, 2014; 10:55:08 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |