CVE-2014-0329

critical

Description

The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/90958

http://www.securityfocus.com/bid/65310

http://www.kb.cert.org/vuls/id/228886

http://packetstormsecurity.com/files/125142/ZTE-ZXV10-W300-Hardcoded-Credentials.html

http://osvdb.org/102816

http://blog.alguien.at/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html

Details

Source: Mitre, NVD

Published: 2014-02-04

Updated: 2017-08-29

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical