Hardcoded Password Vulnerability in ZTE ZXV10 W300 Router
CVE-2014-0329

Currently unrated

Key Information:

Vendor

Zte

Status
Zxv10 W300
Vendor
CVE Published:
4 February 2014

What is CVE-2014-0329?

The TELNET service on the ZTE ZXV10 W300 router version 2.1.0 contains a hardcoded password that concludes with 'airocon' for the admin account. This flaw significantly compromises the device's security, as malicious actors can exploit the knowledge of MAC address characters found at the start of the password to gain unauthorized administrative access, thereby potentially allowing full control over the router.

References

http://www.kb.cert.org/vuls/id/228886
third-party-advisoryx_refsource_CERT-VN
http://packetstormsecurity.com/files/125142/ZTE-ZXV10-W30...
x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/90958
vdb-entryx_refsource_XF

EPSS Score

31% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.