First published: Thu Aug 24 2017(Updated: )
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin".
Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zte Zxv10 W300 Firmware | =w300v2.1.0f_er7_pe_o57 | |
ZTE ZXV10 W300 | ||
Zte Zxv10 W300 Firmware | =w300v2.1.0h_er7_pe_o57 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.