What is the severity of CVE-2015-7255?

CVE-2015-7255 has a moderate severity rating due to the potential for man-in-the-middle attacks.

How do I fix CVE-2015-7255?

To fix CVE-2015-7255, ensure that unique X.509 certificates and SSH host keys are used for each device.

What are the potential risks associated with CVE-2015-7255?

The potential risks of CVE-2015-7255 include remote attackers obtaining sensitive information through man-in-the-middle or passive decryption attacks.

Can CVE-2015-7255 be exploited remotely?

Yes, CVE-2015-7255 can be exploited remotely if the device is configured with non-unique cryptographic elements.

Vulnerability/
CVE-2015-7255

high

7.5

CWE

200

29/8/2017

6/8/2024

CVE-2015-7255: Infoleak

First published: Tue Aug 29 2017(Updated: )

ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.

Credit: cret@cert.org

Affected Software	Affected Version	How to fix
Zte Ox-330p Firmware
ZTE OX-330P
Zte Zxhn H108n Firmware
ZTE ZXHN H108N
Zte W300v1.0.0s Zrd Tr1 D68 Firmware
Zte W300v1.0.0s Zrd Tr1 D68
Zte Hg110 Firmware
Zte Hg110
Zte Gan9.8t101a-b Firmware
Zte Gan9.8t101a-b
Zte Mf28g Firmware
Zte Mf28g

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-7255?
CVE-2015-7255 has a moderate severity rating due to the potential for man-in-the-middle attacks.
How do I fix CVE-2015-7255?
To fix CVE-2015-7255, ensure that unique X.509 certificates and SSH host keys are used for each device.
What devices are affected by CVE-2015-7255?
CVE-2015-7255 affects ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, and MF28G.
What are the potential risks associated with CVE-2015-7255?
The potential risks of CVE-2015-7255 include remote attackers obtaining sensitive information through man-in-the-middle or passive decryption attacks.
Can CVE-2015-7255 be exploited remotely?
Yes, CVE-2015-7255 can be exploited remotely if the device is configured with non-unique cryptographic elements.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/references
agent/author
agent/last-modified-date
agent/description
agent/event
agent/first-publish-date
agent/tags
agent/source
vendor/zte
canonical/zte ox-330p firmware
canonical/zte ox-330p
canonical/zte zxhn h108n firmware
canonical/zte zxhn h108n
canonical/zte w300v1.0.0s zrd tr1 d68 firmware
canonical/zte w300v1.0.0s zrd tr1 d68
canonical/zte hg110 firmware
canonical/zte hg110
canonical/zte gan9.8t101a-b firmware
canonical/zte gan9.8t101a-b
canonical/zte mf28g firmware
canonical/zte mf28g

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.