CVE-2015-7257
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin".
Affected products
n/a · n/a
Public PoCs found: 4
cve_reference · packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html · unverified
cve_reference · packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html · unverified
cve_reference · www.exploit-db.com/exploits/38772/ · unverified
exploitdb · www.exploit-db.com/exploits/38772 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.html
http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.html
http://seclists.org/fulldisclosure/2015/Nov/48
https://www.exploit-db.com/exploits/38772/