CVE-2014-4019

EPSS 12.4%

ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0.

Affected products

n/a · n/a

public PoCs found — 3

cve_referencepacketstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.htmlunverified cve_referencewww.exploit-db.com/exploits/33803unverified exploitdbwww.exploit-db.com/exploits/33803unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/http://www.exploit-db.com/exploits/33803 http://www.osvdb.org/102668