Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Zte Subscribe
Filtered by product Zxhn H108n R1a Firmware
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-7251 1 Zte 2 Zxhn H108n R1a, Zxhn H108n R1a Firmware 2017-09-12 10.0 HIGH 9.8 CRITICAL
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
CVE-2015-7252 1 Zte 2 Zxhn H108n R1a, Zxhn H108n R1a Firmware 2017-09-12 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter.
CVE-2015-7248 1 Zte 2 Zxhn H108n R1a, Zxhn H108n R1a Firmware 2017-09-12 5.0 MEDIUM 7.5 HIGH
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703.
CVE-2015-7249 1 Zte 2 Zxhn H108n R1a, Zxhn H108n R1a Firmware 2017-09-12 6.8 MEDIUM 4.9 MEDIUM
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd action.
CVE-2015-7250 1 Zte 2 Zxhn H108n R1a, Zxhn H108n R1a Firmware 2017-09-12 7.8 HIGH 7.5 HIGH
Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
CVE-2015-8703 1 Zte 4 Zxhn H108n R1a, Zxhn H108n R1a Firmware, Zxv10 W300 and 1 more 2016-11-28 4.0 MEDIUM 6.5 MEDIUM
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248.