Search criteria
3 vulnerabilities found for f660 by zte
VAR-201403-0306
Vulnerability from variot - Updated: 2025-04-13 23:05web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials. ZTE F460/F660 cable modems contain an unauthenticated backdoor. ZTE Provided by F460/F660 Has a problem with accessing the product without authorization. ZTE Provided by F460/F660 Without authentication web_shell_cmd.gch There is an issue with access to the script.A remote attacker may execute arbitrary commands with administrator privileges for the device. ZTE of ZTE F460 and ZTE F660 contains vulnerabilities related to authorization, privileges, and access control.None. ZTE F460/F660 are cable modem products. The web_shell_cmd.gch script accepts unauthenticated commands and can be accessed from the WAN interface. ZTE F460/F660 are prone to an unauthorized-access vulnerability. This may aid in further attacks. A security vulnerability exists in the web_shell_cmd.gch script file of ZTE F460 and F660 fiber optic modems. A remote attacker can exploit this vulnerability to gain administrative privileges by sending a sendcmd request
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201403-0306",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f460",
"scope": null,
"trust": 2.2,
"vendor": "zte",
"version": null
},
{
"model": "f660",
"scope": null,
"trust": 2.2,
"vendor": "zte",
"version": null
},
{
"model": "f460",
"scope": "eq",
"trust": 1.6,
"vendor": "zte",
"version": null
},
{
"model": "f660",
"scope": "eq",
"trust": 1.6,
"vendor": "zte",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#600724"
},
{
"db": "CNVD",
"id": "CNVD-2014-01538"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001564"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-009029"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-112"
},
{
"db": "NVD",
"id": "CVE-2014-2321"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:zte:f460",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:zte:f660",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001564"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "65962"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2321",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-2321",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 2.7,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2014-01538",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-70260",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2321",
"trust": 1.6,
"value": "High"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-2321",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-01538",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201403-112",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-70260",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-2321",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01538"
},
{
"db": "VULHUB",
"id": "VHN-70260"
},
{
"db": "VULMON",
"id": "CVE-2014-2321"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001564"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-009029"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-112"
},
{
"db": "NVD",
"id": "CVE-2014-2321"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using \"set TelnetCfg\" commands to enable a TELNET service with specified credentials. ZTE F460/F660 cable modems contain an unauthenticated backdoor. ZTE Provided by F460/F660 Has a problem with accessing the product without authorization. ZTE Provided by F460/F660 Without authentication web_shell_cmd.gch There is an issue with access to the script.A remote attacker may execute arbitrary commands with administrator privileges for the device. ZTE of ZTE F460 and ZTE F660 contains vulnerabilities related to authorization, privileges, and access control.None. ZTE F460/F660 are cable modem products. The web_shell_cmd.gch script accepts unauthenticated commands and can be accessed from the WAN interface. ZTE F460/F660 are prone to an unauthorized-access vulnerability. This may aid in further attacks. A security vulnerability exists in the web_shell_cmd.gch script file of ZTE F460 and F660 fiber optic modems. A remote attacker can exploit this vulnerability to gain administrative privileges by sending a sendcmd request",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2321"
},
{
"db": "CERT/CC",
"id": "VU#600724"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001564"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-009029"
},
{
"db": "CNVD",
"id": "CNVD-2014-01538"
},
{
"db": "BID",
"id": "65962"
},
{
"db": "VULHUB",
"id": "VHN-70260"
},
{
"db": "VULMON",
"id": "CVE-2014-2321"
}
],
"trust": 4.05
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2321",
"trust": 5.1
},
{
"db": "CERT/CC",
"id": "VU#600724",
"trust": 4.8
},
{
"db": "BID",
"id": "65962",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU95250773",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001564",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-009029",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201403-112",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-01538",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-70260",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-2321",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#600724"
},
{
"db": "CNVD",
"id": "CNVD-2014-01538"
},
{
"db": "VULHUB",
"id": "VHN-70260"
},
{
"db": "VULMON",
"id": "CVE-2014-2321"
},
{
"db": "BID",
"id": "65962"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001564"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-009029"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-112"
},
{
"db": "NVD",
"id": "CVE-2014-2321"
}
]
},
"id": "VAR-201403-0306",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01538"
},
{
"db": "VULHUB",
"id": "VHN-70260"
}
],
"trust": 1.3125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01538"
}
]
},
"last_update_date": "2025-04-13T23:05:15.192000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://wwwen.zte.com.cn/en/"
},
{
"title": "kenzer-templates",
"trust": 0.1,
"url": "https://github.com/Elsfa7-110/kenzer-templates "
},
{
"title": "kenzer-templates",
"trust": 0.1,
"url": "https://github.com/ARPSyndicate/kenzer-templates "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-2321"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001564"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
},
{
"problemtype": "Authorization / authority / access control (CWE-264) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70260"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001564"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-009029"
},
{
"db": "NVD",
"id": "CVE-2014-2321"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.0,
"url": "http://www.kb.cert.org/vuls/id/600724"
},
{
"trust": 3.4,
"url": "https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor"
},
{
"trust": 3.4,
"url": "http://www.myxzy.com/post-411.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95250773/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2321"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2321"
},
{
"trust": 0.7,
"url": "http://www.securityfocus.com/bid/65962"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/elsfa7-110/kenzer-templates"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#600724"
},
{
"db": "CNVD",
"id": "CNVD-2014-01538"
},
{
"db": "VULHUB",
"id": "VHN-70260"
},
{
"db": "VULMON",
"id": "CVE-2014-2321"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001564"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-009029"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-112"
},
{
"db": "NVD",
"id": "CVE-2014-2321"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#600724"
},
{
"db": "CNVD",
"id": "CNVD-2014-01538"
},
{
"db": "VULHUB",
"id": "VHN-70260"
},
{
"db": "VULMON",
"id": "CVE-2014-2321"
},
{
"db": "BID",
"id": "65962"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001564"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-009029"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-112"
},
{
"db": "NVD",
"id": "CVE-2014-2321"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-04T00:00:00",
"db": "CERT/CC",
"id": "VU#600724"
},
{
"date": "2014-03-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01538"
},
{
"date": "2014-03-11T00:00:00",
"db": "VULHUB",
"id": "VHN-70260"
},
{
"date": "2014-03-11T00:00:00",
"db": "VULMON",
"id": "CVE-2014-2321"
},
{
"date": "2014-03-04T00:00:00",
"db": "BID",
"id": "65962"
},
{
"date": "2014-03-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001564"
},
{
"date": "2024-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-009029"
},
{
"date": "2014-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-112"
},
{
"date": "2014-03-11T13:01:19.140000",
"db": "NVD",
"id": "CVE-2014-2321"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-19T00:00:00",
"db": "CERT/CC",
"id": "VU#600724"
},
{
"date": "2020-03-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01538"
},
{
"date": "2014-03-11T00:00:00",
"db": "VULHUB",
"id": "VHN-70260"
},
{
"date": "2014-03-11T00:00:00",
"db": "VULMON",
"id": "CVE-2014-2321"
},
{
"date": "2014-03-12T18:04:00",
"db": "BID",
"id": "65962"
},
{
"date": "2014-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001564"
},
{
"date": "2024-07-18T07:32:00",
"db": "JVNDB",
"id": "JVNDB-2014-009029"
},
{
"date": "2014-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-112"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-2321"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-112"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZTE F460/F660 backdoor unauthorized access vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01538"
},
{
"db": "BID",
"id": "65962"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-112"
}
],
"trust": 1.5
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-112"
}
],
"trust": 0.6
}
}
CVE-2014-2321 (GCVE-0-2014-2321)
Vulnerability from nvd – Published: 2014-03-11 10:00 – Updated: 2024-09-16 19:57
VLAI?
Summary
web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:06:00.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.myxzy.com/post-411.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor"
},
{
"name": "VU#600724",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/600724"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using \"set TelnetCfg\" commands to enable a TELNET service with specified credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-11T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.myxzy.com/post-411.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor"
},
{
"name": "VU#600724",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/600724"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using \"set TelnetCfg\" commands to enable a TELNET service with specified credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.myxzy.com/post-411.html",
"refsource": "MISC",
"url": "http://www.myxzy.com/post-411.html"
},
{
"name": "https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor"
},
{
"name": "VU#600724",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/600724"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2321",
"datePublished": "2014-03-11T10:00:00.000Z",
"dateReserved": "2014-03-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:57:35.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2321 (GCVE-0-2014-2321)
Vulnerability from cvelistv5 – Published: 2014-03-11 10:00 – Updated: 2024-09-16 19:57
VLAI?
Summary
web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:06:00.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.myxzy.com/post-411.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor"
},
{
"name": "VU#600724",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/600724"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using \"set TelnetCfg\" commands to enable a TELNET service with specified credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-11T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.myxzy.com/post-411.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor"
},
{
"name": "VU#600724",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/600724"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using \"set TelnetCfg\" commands to enable a TELNET service with specified credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.myxzy.com/post-411.html",
"refsource": "MISC",
"url": "http://www.myxzy.com/post-411.html"
},
{
"name": "https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor"
},
{
"name": "VU#600724",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/600724"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2321",
"datePublished": "2014-03-11T10:00:00.000Z",
"dateReserved": "2014-03-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:57:35.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}