Cross-Site Scripting Vulnerability in ZTE ZXHN H108N Devices
CVE-2015-7252

6.1MEDIUM

Key Information:

Vendor: Zte
Status: Zxhn H108n R1a Firmware
Vendor: CVE Published:; 30 December 2015

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 24%

What is CVE-2015-7252?

A cross-site scripting vulnerability exists in the webproc component of ZTE ZXHN H108N R1A devices prior to ZTE.bhs.ZXHNH108NR1A.k_PE. This weakness allows remote attackers to inject arbitrary web scripts or HTML into the errorpage parameter. Exploiting this vulnerability could enable attackers to manipulate user sessions or redirect users to malicious websites, posing a significant risk to the integrity of web applications and user data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2015-7252 - Proof of Concept

References

http://www.securityfocus.com/bid/77421

vdb-entryx_refsource_BID

https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA

x_refsource_CONFIRM

https://www.kb.cert.org/vuls/id/391604

third-party-advisoryx_refsource_CERT-VN

EPSS Score

24% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

🟡
Public PoC available
Dec 30, 2015
👾
Exploit known to exist
Dec 30, 2015
Vulnerability published
Dec 30, 2015
Vulnerability Reserved
Sep 18, 2015

JSON

Zte