CVE-2014-0329

EUVD-2014-0367
The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
ztezxv10_w300
2.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://blog.alguien.at/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html
http://osvdb.org/102816
http://packetstormsecurity.com/files/125142/ZTE-ZXV10-W300-Hardcoded-Credentials.html
http://www.kb.cert.org/vuls/id/228886
http://www.securityfocus.com/bid/65310
https://exchange.xforce.ibmcloud.com/vulnerabilities/90958
http://blog.alguien.at/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html
http://osvdb.org/102816
http://packetstormsecurity.com/files/125142/ZTE-ZXV10-W300-Hardcoded-Credentials.html
http://www.kb.cert.org/vuls/id/228886
http://www.securityfocus.com/bid/65310
https://exchange.xforce.ibmcloud.com/vulnerabilities/90958