Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for zxv10_w300 by zte

    CVE-2020-12695 (GCVE-0-2020-12695)

    Vulnerability from nvd – Published: 2020-06-08 16:45 – Updated: 2024-08-04 12:04
    VLAI
    Summary
    The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:04:22.578Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.callstranger.com"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/339275"
              },
              {
                "name": "[oss-security] 20200608 hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/06/08/2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/yunuscadirci/CallStranger"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/corelight/callstranger-detector"
              },
              {
                "name": "FEDORA-2020-df3e1cfde9",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/"
              },
              {
                "name": "FEDORA-2020-1f7fc0d0c9",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/"
              },
              {
                "name": "FEDORA-2020-e538e3e526",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/"
              },
              {
                "name": "[debian-lts-announce] 20200806 [SECURITY] [DLA 2315-1] gupnp security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"
              },
              {
                "name": "[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
              },
              {
                "name": "USN-4494-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4494-1/"
              },
              {
                "name": "DSA-4806",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4806"
              },
              {
                "name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2489-1] minidlna security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"
              },
              {
                "name": "DSA-4898",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-4898"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-22T23:06:21.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.callstranger.com"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.kb.cert.org/vuls/id/339275"
            },
            {
              "name": "[oss-security] 20200608 hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/06/08/2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/yunuscadirci/CallStranger"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/corelight/callstranger-detector"
            },
            {
              "name": "FEDORA-2020-df3e1cfde9",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/"
            },
            {
              "name": "FEDORA-2020-1f7fc0d0c9",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/"
            },
            {
              "name": "FEDORA-2020-e538e3e526",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/"
            },
            {
              "name": "[debian-lts-announce] 20200806 [SECURITY] [DLA 2315-1] gupnp security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
            },
            {
              "name": "USN-4494-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4494-1/"
            },
            {
              "name": "DSA-4806",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4806"
            },
            {
              "name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2489-1] minidlna security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"
            },
            {
              "name": "DSA-4898",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4898"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-12695",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.callstranger.com",
                  "refsource": "MISC",
                  "url": "https://www.callstranger.com"
                },
                {
                  "name": "https://www.kb.cert.org/vuls/id/339275",
                  "refsource": "MISC",
                  "url": "https://www.kb.cert.org/vuls/id/339275"
                },
                {
                  "name": "[oss-security] 20200608 hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/06/08/2"
                },
                {
                  "name": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of",
                  "refsource": "MISC",
                  "url": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"
                },
                {
                  "name": "https://github.com/yunuscadirci/CallStranger",
                  "refsource": "MISC",
                  "url": "https://github.com/yunuscadirci/CallStranger"
                },
                {
                  "name": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html"
                },
                {
                  "name": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/",
                  "refsource": "MISC",
                  "url": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"
                },
                {
                  "name": "https://github.com/corelight/callstranger-detector",
                  "refsource": "MISC",
                  "url": "https://github.com/corelight/callstranger-detector"
                },
                {
                  "name": "FEDORA-2020-df3e1cfde9",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/"
                },
                {
                  "name": "FEDORA-2020-1f7fc0d0c9",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/"
                },
                {
                  "name": "FEDORA-2020-e538e3e526",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/"
                },
                {
                  "name": "[debian-lts-announce] 20200806 [SECURITY] [DLA 2315-1] gupnp security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"
                },
                {
                  "name": "[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
                },
                {
                  "name": "USN-4494-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4494-1/"
                },
                {
                  "name": "DSA-4806",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4806"
                },
                {
                  "name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2489-1] minidlna security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"
                },
                {
                  "name": "DSA-4898",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2021/dsa-4898"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-12695",
        "datePublished": "2020-06-08T16:45:04.000Z",
        "dateReserved": "2020-05-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:04:22.578Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-4154 (GCVE-0-2014-4154)

    Vulnerability from nvd – Published: 2014-07-16 14:00 – Updated: 2024-08-06 11:04
    VLAI
    Summary
    ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-06-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:04:28.895Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/"
              },
              {
                "name": "33803",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/33803"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-06-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-07-16T12:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/"
            },
            {
              "name": "33803",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/33803"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-4154",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html"
                },
                {
                  "name": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/",
                  "refsource": "MISC",
                  "url": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/"
                },
                {
                  "name": "33803",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/33803"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-4154",
        "datePublished": "2014-07-16T14:00:00.000Z",
        "dateReserved": "2014-06-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:04:28.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-4018 (GCVE-0-2014-4018)

    Vulnerability from nvd – Published: 2014-07-16 14:00 – Updated: 2024-08-06 11:04
    VLAI
    Summary
    The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-06-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:04:27.949Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/"
              },
              {
                "name": "33803",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/33803"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-06-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-07-16T12:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/"
            },
            {
              "name": "33803",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/33803"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-4018",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html"
                },
                {
                  "name": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/",
                  "refsource": "MISC",
                  "url": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/"
                },
                {
                  "name": "33803",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/33803"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-4018",
        "datePublished": "2014-07-16T14:00:00.000Z",
        "dateReserved": "2014-06-11T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:04:27.949Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-4155 (GCVE-0-2014-4155)

    Vulnerability from nvd – Published: 2014-06-19 14:00 – Updated: 2024-08-06 11:04
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-06-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:04:28.734Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html"
              },
              {
                "name": "33803",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/33803"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-06-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-07-16T12:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html"
            },
            {
              "name": "33803",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/33803"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-4155",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities",
                  "refsource": "MISC",
                  "url": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities"
                },
                {
                  "name": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html"
                },
                {
                  "name": "33803",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/33803"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-4155",
        "datePublished": "2014-06-19T14:00:00.000Z",
        "dateReserved": "2014-06-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:04:28.734Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0329 (GCVE-0-2014-0329)

    Vulnerability from nvd – Published: 2014-02-04 02:00 – Updated: 2024-08-06 09:13
    VLAI
    Summary
    The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-02-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:13:10.183Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#228886",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/228886"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/125142/ZTE-ZXV10-W300-Hardcoded-Credentials.html"
              },
              {
                "name": "zxv10-w300-cve20140329-sec-bypass(90958)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90958"
              },
              {
                "name": "102816",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/102816"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blog.alguien.at/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html"
              },
              {
                "name": "65310",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/65310"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-02-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#228886",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/228886"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/125142/ZTE-ZXV10-W300-Hardcoded-Credentials.html"
            },
            {
              "name": "zxv10-w300-cve20140329-sec-bypass(90958)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90958"
            },
            {
              "name": "102816",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/102816"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blog.alguien.at/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html"
            },
            {
              "name": "65310",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/65310"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2014-0329",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#228886",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/228886"
                },
                {
                  "name": "http://packetstormsecurity.com/files/125142/ZTE-ZXV10-W300-Hardcoded-Credentials.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/125142/ZTE-ZXV10-W300-Hardcoded-Credentials.html"
                },
                {
                  "name": "zxv10-w300-cve20140329-sec-bypass(90958)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90958"
                },
                {
                  "name": "102816",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/102816"
                },
                {
                  "name": "http://blog.alguien.at/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html",
                  "refsource": "MISC",
                  "url": "http://blog.alguien.at/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html"
                },
                {
                  "name": "65310",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/65310"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2014-0329",
        "datePublished": "2014-02-04T02:00:00.000Z",
        "dateReserved": "2013-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:13:10.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-12695 (GCVE-0-2020-12695)

    Vulnerability from cvelistv5 – Published: 2020-06-08 16:45 – Updated: 2024-08-04 12:04
    VLAI
    Summary
    The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:04:22.578Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.callstranger.com"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/339275"
              },
              {
                "name": "[oss-security] 20200608 hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/06/08/2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/yunuscadirci/CallStranger"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/corelight/callstranger-detector"
              },
              {
                "name": "FEDORA-2020-df3e1cfde9",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/"
              },
              {
                "name": "FEDORA-2020-1f7fc0d0c9",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/"
              },
              {
                "name": "FEDORA-2020-e538e3e526",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/"
              },
              {
                "name": "[debian-lts-announce] 20200806 [SECURITY] [DLA 2315-1] gupnp security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"
              },
              {
                "name": "[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
              },
              {
                "name": "USN-4494-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4494-1/"
              },
              {
                "name": "DSA-4806",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4806"
              },
              {
                "name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2489-1] minidlna security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"
              },
              {
                "name": "DSA-4898",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-4898"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-22T23:06:21.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.callstranger.com"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.kb.cert.org/vuls/id/339275"
            },
            {
              "name": "[oss-security] 20200608 hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/06/08/2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/yunuscadirci/CallStranger"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/corelight/callstranger-detector"
            },
            {
              "name": "FEDORA-2020-df3e1cfde9",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/"
            },
            {
              "name": "FEDORA-2020-1f7fc0d0c9",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/"
            },
            {
              "name": "FEDORA-2020-e538e3e526",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/"
            },
            {
              "name": "[debian-lts-announce] 20200806 [SECURITY] [DLA 2315-1] gupnp security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
            },
            {
              "name": "USN-4494-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4494-1/"
            },
            {
              "name": "DSA-4806",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4806"
            },
            {
              "name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2489-1] minidlna security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"
            },
            {
              "name": "DSA-4898",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2021/dsa-4898"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-12695",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.callstranger.com",
                  "refsource": "MISC",
                  "url": "https://www.callstranger.com"
                },
                {
                  "name": "https://www.kb.cert.org/vuls/id/339275",
                  "refsource": "MISC",
                  "url": "https://www.kb.cert.org/vuls/id/339275"
                },
                {
                  "name": "[oss-security] 20200608 hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/06/08/2"
                },
                {
                  "name": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of",
                  "refsource": "MISC",
                  "url": "https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"
                },
                {
                  "name": "https://github.com/yunuscadirci/CallStranger",
                  "refsource": "MISC",
                  "url": "https://github.com/yunuscadirci/CallStranger"
                },
                {
                  "name": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html"
                },
                {
                  "name": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/",
                  "refsource": "MISC",
                  "url": "https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"
                },
                {
                  "name": "https://github.com/corelight/callstranger-detector",
                  "refsource": "MISC",
                  "url": "https://github.com/corelight/callstranger-detector"
                },
                {
                  "name": "FEDORA-2020-df3e1cfde9",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/"
                },
                {
                  "name": "FEDORA-2020-1f7fc0d0c9",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/"
                },
                {
                  "name": "FEDORA-2020-e538e3e526",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/"
                },
                {
                  "name": "[debian-lts-announce] 20200806 [SECURITY] [DLA 2315-1] gupnp security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"
                },
                {
                  "name": "[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"
                },
                {
                  "name": "USN-4494-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4494-1/"
                },
                {
                  "name": "DSA-4806",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4806"
                },
                {
                  "name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2489-1] minidlna security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"
                },
                {
                  "name": "DSA-4898",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2021/dsa-4898"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-12695",
        "datePublished": "2020-06-08T16:45:04.000Z",
        "dateReserved": "2020-05-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:04:22.578Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-4018 (GCVE-0-2014-4018)

    Vulnerability from cvelistv5 – Published: 2014-07-16 14:00 – Updated: 2024-08-06 11:04
    VLAI
    Summary
    The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-06-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:04:27.949Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/"
              },
              {
                "name": "33803",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/33803"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-06-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-07-16T12:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/"
            },
            {
              "name": "33803",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/33803"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-4018",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html"
                },
                {
                  "name": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/",
                  "refsource": "MISC",
                  "url": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/"
                },
                {
                  "name": "33803",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/33803"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-4018",
        "datePublished": "2014-07-16T14:00:00.000Z",
        "dateReserved": "2014-06-11T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:04:27.949Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-4154 (GCVE-0-2014-4154)

    Vulnerability from cvelistv5 – Published: 2014-07-16 14:00 – Updated: 2024-08-06 11:04
    VLAI
    Summary
    ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-06-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:04:28.895Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/"
              },
              {
                "name": "33803",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/33803"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-06-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-07-16T12:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/"
            },
            {
              "name": "33803",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/33803"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-4154",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html"
                },
                {
                  "name": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/",
                  "refsource": "MISC",
                  "url": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/"
                },
                {
                  "name": "33803",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/33803"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-4154",
        "datePublished": "2014-07-16T14:00:00.000Z",
        "dateReserved": "2014-06-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:04:28.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-4155 (GCVE-0-2014-4155)

    Vulnerability from cvelistv5 – Published: 2014-06-19 14:00 – Updated: 2024-08-06 11:04
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-06-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:04:28.734Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html"
              },
              {
                "name": "33803",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/33803"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-06-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-07-16T12:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html"
            },
            {
              "name": "33803",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/33803"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-4155",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities",
                  "refsource": "MISC",
                  "url": "https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities"
                },
                {
                  "name": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html"
                },
                {
                  "name": "33803",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/33803"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-4155",
        "datePublished": "2014-06-19T14:00:00.000Z",
        "dateReserved": "2014-06-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:04:28.734Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0329 (GCVE-0-2014-0329)

    Vulnerability from cvelistv5 – Published: 2014-02-04 02:00 – Updated: 2024-08-06 09:13
    VLAI
    Summary
    The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-02-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:13:10.183Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#228886",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/228886"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/125142/ZTE-ZXV10-W300-Hardcoded-Credentials.html"
              },
              {
                "name": "zxv10-w300-cve20140329-sec-bypass(90958)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90958"
              },
              {
                "name": "102816",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/102816"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blog.alguien.at/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html"
              },
              {
                "name": "65310",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/65310"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-02-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#228886",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/228886"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/125142/ZTE-ZXV10-W300-Hardcoded-Credentials.html"
            },
            {
              "name": "zxv10-w300-cve20140329-sec-bypass(90958)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90958"
            },
            {
              "name": "102816",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/102816"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blog.alguien.at/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html"
            },
            {
              "name": "65310",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/65310"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2014-0329",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#228886",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/228886"
                },
                {
                  "name": "http://packetstormsecurity.com/files/125142/ZTE-ZXV10-W300-Hardcoded-Credentials.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/125142/ZTE-ZXV10-W300-Hardcoded-Credentials.html"
                },
                {
                  "name": "zxv10-w300-cve20140329-sec-bypass(90958)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90958"
                },
                {
                  "name": "102816",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/102816"
                },
                {
                  "name": "http://blog.alguien.at/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html",
                  "refsource": "MISC",
                  "url": "http://blog.alguien.at/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html"
                },
                {
                  "name": "65310",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/65310"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2014-0329",
        "datePublished": "2014-02-04T02:00:00.000Z",
        "dateReserved": "2013-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:13:10.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }