Vulnerability Description
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zte | Zxv10 W300 Firmware | w300v1.0.0a_zrd_lk |
| Zte | Zxv10 W300 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-DefauExploitThird Party AdvisoryVDB Entry
- http://www.exploit-db.com/exploits/33803ExploitThird Party AdvisoryVDB Entry
- http://www.osvdb.org/102668Broken Link
- https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilExploitThird Party Advisory
- http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-DefauExploitThird Party AdvisoryVDB Entry
- http://www.exploit-db.com/exploits/33803ExploitThird Party AdvisoryVDB Entry
- http://www.osvdb.org/102668Broken Link
- https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilExploitThird Party Advisory
FAQ
What is CVE-2014-4019?
CVE-2014-4019 is a vulnerability with a CVSS score of 7.5 (HIGH). ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct...
How severe is CVE-2014-4019?
CVE-2014-4019 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-4019?
Check the references section above for vendor advisories and patch information. Affected products include: Zte Zxv10 W300 Firmware, Zte Zxv10 W300.