Skip to main content

Zxhn H108N R1A Firmware

6 CVEs product

Monthly

CVE-2015-8703 MEDIUM POC This Month

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zte Zxhn H108N R1A Firmware Zxv10 W300 Firmware
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
4.5%
CVE-2015-7252 MEDIUM POC THREAT This Month

Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.0%.

XSS Zte Zxhn H108N R1A Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
24.0%
CVE-2015-7251 CRITICAL POC THREAT Emergency

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.8%.

Zte Authentication Bypass Zxhn H108N R1A Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
38.8%
Threat
4.6
CVE-2015-7250 HIGH POC THREAT Act Now

Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.2%.

Path Traversal Zte Zxhn H108N R1A Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
20.2%
CVE-2015-7249 MEDIUM POC THREAT This Month

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.2%.

Privilege Escalation Zte Zxhn H108N R1A Firmware
NVD Exploit-DB
CVSS 3.0
4.9
EPSS
11.2%
CVE-2015-7248 HIGH POC THREAT Act Now

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.4%.

Information Disclosure Zte Zxhn H108N R1A Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
35.4%
Threat
4.1
EPSS 4% CVSS 6.5
MEDIUM POC This Month

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zte Zxhn H108N R1A Firmware +1
NVD Exploit-DB
EPSS 24% CVSS 6.1
MEDIUM POC THREAT This Month

Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.0%.

XSS Zte Zxhn H108N R1A Firmware
NVD Exploit-DB
EPSS 39% 4.6 CVSS 9.8
CRITICAL POC THREAT Emergency

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.8%.

Zte Authentication Bypass Zxhn H108N R1A Firmware
NVD Exploit-DB
EPSS 20% CVSS 7.5
HIGH POC THREAT Act Now

Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.2%.

Path Traversal Zte Zxhn H108N R1A Firmware
NVD Exploit-DB
EPSS 11% CVSS 4.9
MEDIUM POC THREAT This Month

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.2%.

Privilege Escalation Zte Zxhn H108N R1A Firmware
NVD Exploit-DB
EPSS 35% 4.1 CVSS 7.5
HIGH POC THREAT Act Now

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.4%.

Information Disclosure Zte Zxhn H108N R1A Firmware
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy