Access Control Vulnerability in ZTE ZXV10 W300 Router
CVE-2014-4154

Currently unrated

Key Information:

Vendor

Zte

Status
Zxv10 W300 Firmware
Zxv10 W300
Vendor
CVE Published:
16 July 2014

What is CVE-2014-4154?

The ZTE ZXV10 W300 router, particularly with firmware version W300V1.0.0a_ZRD_LK, is susceptible to an access control vulnerability that allows remote attackers to gain unauthorized access to sensitive information. Specifically, the vulnerability exposes the PPPoE/PPPoA password through a direct request targeting the insecurely stored basic/tc2wanfun.js file, circumventing intended security measures and potentially compromising user credentials.

References

http://packetstormsecurity.com/files/127129/ZTE-WXV10-W30...
x_refsource_MISC
https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w...
x_refsource_MISC
http://www.exploit-db.com/exploits/33803
exploitx_refsource_EXPLOIT-DB

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.