Skip to main content

Zxv10 W300 Firmware

7 CVEs product

Monthly

CVE-2015-7259 HIGH POC THREAT Act Now

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 33.3%.

Zte Authentication Bypass Zxv10 W300 Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
33.3%
Threat
4.3
CVE-2015-7258 HIGH POC THREAT Act Now

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 32.6%.

Zte Authentication Bypass Zxv10 W300 Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
32.6%
Threat
4.2
CVE-2015-7257 HIGH POC THREAT Act Now

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 16.7%.

Zte Information Disclosure Zxv10 W300 Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
16.7%
CVE-2015-8703 MEDIUM POC This Month

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zte Zxhn H108N R1A Firmware Zxv10 W300 Firmware
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
4.5%
CVE-2014-4154 MEDIUM POC This Month

ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zte Zxv10 W300 Firmware Zxv10 W300
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
8.7%
CVE-2014-4018 HIGH POC This Week

The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zte Authentication Bypass Zxv10 W300 Firmware Zxv10 W300
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
6.2%
CVE-2014-4155 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Zte Zxv10 W300 Firmware Zxv10 W300
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
EPSS 33% 4.3 CVSS 8.8
HIGH POC THREAT Act Now

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 33.3%.

Zte Authentication Bypass Zxv10 W300 Firmware
NVD Exploit-DB
EPSS 33% 4.2 CVSS 8.8
HIGH POC THREAT Act Now

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 32.6%.

Zte Authentication Bypass Zxv10 W300 Firmware
NVD Exploit-DB
EPSS 17% CVSS 7.5
HIGH POC THREAT Act Now

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 16.7%.

Zte Information Disclosure Zxv10 W300 Firmware
NVD Exploit-DB
EPSS 4% CVSS 6.5
MEDIUM POC This Month

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zte Zxhn H108N R1A Firmware +1
NVD Exploit-DB
EPSS 9% CVSS 5.0
MEDIUM POC This Month

ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zte Zxv10 W300 Firmware +1
NVD Exploit-DB
EPSS 6% CVSS 7.8
HIGH POC This Week

The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zte Authentication Bypass Zxv10 W300 Firmware +1
NVD Exploit-DB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Zte Zxv10 W300 Firmware +1
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy