Skip to main content

Znid 2426A Firmware

2 CVEs product

Monthly

CVE-2014-9118 HIGH POC THREAT Act Now

The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 52.3%.

Command Injection Znid 2426A Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
52.3%
Threat
4.8
CVE-2014-8357 HIGH POC THREAT Act Now

backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.3%.

Authentication Bypass Znid 2426A Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
18.3%
EPSS 52% 4.8 CVSS 8.8
HIGH POC THREAT Act Now

The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 52.3%.

Command Injection Znid 2426A Firmware
NVD Exploit-DB
EPSS 18% CVSS 8.8
HIGH POC THREAT Act Now

backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.3%.

Authentication Bypass Znid 2426A Firmware
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy