Vulnerability Description
The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.
CVSS Score
9.3 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ZTE | ZXV10 W300 | 2.1.0 |
Related Weaknesses (CWE)
References
- http://blog.alguien.at/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html
- http://osvdb.org/102816
- http://packetstormsecurity.com/files/125142/ZTE-ZXV10-W300-Hardcoded-Credentials
- http://www.kb.cert.org/vuls/id/228886 (US Government Resource)
- http://www.securityfocus.com/bid/65310
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90958
FAQ
What is CVE-2014-0329?
CVE-2014-0329 is a vulnerability with a CVSS score of 9.3 (HIGH). The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging kn...
How severe is CVE-2014-0329?
CVE-2014-0329 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-0329?
Check the references section above for vendor advisories and patch information. Affected products include: ZTE ZXV10 W300.