Hardcoded Credentials in ZTE ZXHN H108N Devices Exposing Administrative Access
CVE-2015-7251

9.8CRITICAL

Key Information:

Vendor: Zte
Status: Zxhn H108n R1a Firmware
Vendor: CVE Published:; 30 December 2015

What is CVE-2015-7251?

Certain ZTE ZXHN H108N R1A devices contain a hardcoded password for the root account, which poses a significant security risk. This vulnerability allows remote attackers to gain administrative access through TELNET sessions, exploiting weak security practices. Users of these devices are encouraged to update to the latest firmware version to mitigate potential threats and secure their networks.

References

http://www.securityfocus.com/bid/77421

vdb-entryx_refsource_BID

https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA

x_refsource_CONFIRM

https://www.kb.cert.org/vuls/id/391604

third-party-advisoryx_refsource_CERT-VN

EPSS Score

23% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 30, 2015
Vulnerability Reserved
Sep 18, 2015

Zte

What is CVE-2015-7251?

References

EPSS Score

CVSS V3.1

Timeline