CVE-2015-7257
First published: Thu Aug 24 2017(Updated: )
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin".
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zte Zxv10 W300 Firmware | =w300v2.1.0f_er7_pe_o57 | |
| ZTE ZXV10 W300 | ||
| Zte Zxv10 W300 Firmware | =w300v2.1.0h_er7_pe_o57 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/zte
- canonical/zte zxv10 w300 firmware
- version/zte zxv10 w300 firmware/w300v2.1.0f_er7_pe_o57
- canonical/zte zxv10 w300
- version/zte zxv10 w300 firmware/w300v2.1.0h_er7_pe_o57