Vulnerability Description
ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zte | Zxhn H108L Firmware | 4.0.0d_zrq_gr4 |
| Zte | Zxhn H108L | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/129139/ZTE-ZXHN-H108L-Access-Bypass.htmlExploit
- http://seclists.org/fulldisclosure/2014/Nov/46Exploit
- http://www.exploit-db.com/exploits/35272Exploit
- http://www.exploit-db.com/exploits/35276Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98733
- https://projectzero.gr/en/2014/11/zte-zxhn-h108l-authentication-bypass/Exploit
- http://packetstormsecurity.com/files/129139/ZTE-ZXHN-H108L-Access-Bypass.htmlExploit
- http://seclists.org/fulldisclosure/2014/Nov/46Exploit
- http://www.exploit-db.com/exploits/35272Exploit
- http://www.exploit-db.com/exploits/35276Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98733
- https://projectzero.gr/en/2014/11/zte-zxhn-h108l-authentication-bypass/Exploit
FAQ
What is CVE-2014-8493?
CVE-2014-8493 is a vulnerability with a CVSS score of 5.0 (MEDIUM). ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.
How severe is CVE-2014-8493?
CVE-2014-8493 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8493?
Check the references section above for vendor advisories and patch information. Affected products include: Zte Zxhn H108L Firmware, Zte Zxhn H108L.