Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zte | Zxv10 W300 Firmware | 1.0.0a_zrd_lk |
| Zte | Zxv10 W300 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-DefauExploit
- http://www.exploit-db.com/exploits/33803
- https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilExploit
- http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-DefauExploit
- http://www.exploit-db.com/exploits/33803
- https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilExploit
FAQ
What is CVE-2014-4155?
CVE-2014-4155 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that c...
How severe is CVE-2014-4155?
CVE-2014-4155 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-4155?
Check the references section above for vendor advisories and patch information. Affected products include: Zte Zxv10 W300 Firmware, Zte Zxv10 W300.