Vulnerability Description
web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zte | F460 | - |
| Zte | F660 | - |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/600724US Government Resource
- http://www.myxzy.com/post-411.html
- https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-201Exploit
- http://www.kb.cert.org/vuls/id/600724US Government Resource
- http://www.myxzy.com/post-411.html
- https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-201Exploit
FAQ
What is CVE-2014-2321?
CVE-2014-2321 is a vulnerability with a CVSS score of 10.0 (HIGH). web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET s...
How severe is CVE-2014-2321?
CVE-2014-2321 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-2321?
Check the references section above for vendor advisories and patch information. Affected products include: Zte F460, Zte F660.