ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access. ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1 Furthermore, you can find the Troubleshooting Login Issues section which can answer your unresolved problems. LoginAsk is here to help you access Zxhn H108n V2.5 Default Password quickly and handle each specific case you encounter. Some ZTE products have CSRF vulnerability. Zxhn H108n V2.5 Default Password will sometimes glitch and take you a long time to try different solutions. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE.Ĥ Zxhn H108n, Zxhn H108n Firmware, Zxhn H168n and 1 more Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. The attacker could exploit this vulnerability to access CLI by brute force attacks.This affects: ZXHN H168N V3.5.0_TY.T6Ī ZTE product has an information leak vulnerability. ZTE ZXHN H108N R1A devices before _PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248.A ZTE product is impacted by improper access control vulnerability. ZTE ZXHN H108N R1A devices before _PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.Ĭross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before _PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter.Ĥ Zxhn H108n R1a, Zxhn H108n R1a Firmware, Zxv10 W300 and 1 more ZTE ZXHN H108N R1A devices before _PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd action.Ībsolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before _PE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter. ZTE ZXHN H108N R1A devices before _PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703. 2 Zxhn H108n R1a, Zxhn H108n R1a Firmware
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |