Cross-Site Request Forgery Vulnerability in ZTE ZXV10 W300 Router
CVE-2014-4155

Currently unrated

Key Information:

Vendor: Zte
Status: Zxv10 W300 Firmware; Zxv10 W300
Vendor: CVE Published:; 19 June 2014

What is CVE-2014-4155?

The ZTE ZXV10 W300 router's firmware W300V1.0.0a_ZRD_LK is susceptible to a cross-site request forgery (CSRF) vulnerability. This flaw allows remote attackers to exploit the router by hijacking the authentication mechanisms of administrators. Specifically, an attacker can issue unauthorized requests to change the admin password, exploiting the affected router’s vulnerable endpoint at Forms/tools_admin_1. This could lead to unauthorized access and control of the device, posing significant security risks to the network.

References

https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w...

x_refsource_MISC

http://packetstormsecurity.com/files/127129/ZTE-WXV10-W30...

x_refsource_MISC

http://www.exploit-db.com/exploits/33803

exploitx_refsource_EXPLOIT-DB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2014
Vulnerability Reserved
Jun 12, 2014

Zte

What is CVE-2014-4155?

References

Timeline