CVE-2014-4019: Infoleak
First published: Thu Feb 20 2020(Updated: )
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zte Zxv10 W300 Firmware | =w300v1.0.0a_zrd_lk | |
| ZTE ZXV10 W300 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this security issue?
The vulnerability ID is CVE-2014-4019.
What is the severity of CVE-2014-4019?
The severity of CVE-2014-4019 is high, with a severity value of 7.5.
How does CVE-2014-4019 affect the ZTE ZXV10 W300 router?
CVE-2014-4019 allows remote attackers to read backup files on the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK.
How can I exploit CVE-2014-4019?
We do not provide information or support on exploiting vulnerabilities.
How can I fix CVE-2014-4019?
To fix CVE-2014-4019, it is recommended to update the firmware of the ZTE ZXV10 W300 router to a version that addresses the vulnerability.
- collector/nvd-index
- vendor/zte
- canonical/zte zxv10 w300 firmware
- version/zte zxv10 w300 firmware/w300v1.0.0a_zrd_lk
- canonical/zte zxv10 w300