CVE-2015-7259
CVE-2015-7259
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs.
Affected products
n/a · n/apublic PoCs found — 4
cve_referencepacketstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.htmlunverifiedcve_referencepacketstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.htmlunverifiedcve_referencewww.exploit-db.com/exploits/38772/unverifiedexploitdbwww.exploit-db.com/exploits/38772unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.htmlhttp://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.htmlhttp://seclists.org/fulldisclosure/2015/Nov/48https://www.exploit-db.com/exploits/38772/