CVE-2014-8493

ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
VendorProductVersion
ztezxhn_h108l_firmware
4.0.0d_zrq_gr4:d_zrq_gr4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/129139/ZTE-ZXHN-H108L-Access-Bypass.html
http://seclists.org/fulldisclosure/2014/Nov/46
http://www.exploit-db.com/exploits/35272
http://www.exploit-db.com/exploits/35276
https://exchange.xforce.ibmcloud.com/vulnerabilities/98733
https://projectzero.gr/en/2014/11/zte-zxhn-h108l-authentication-bypass/
http://packetstormsecurity.com/files/129139/ZTE-ZXHN-H108L-Access-Bypass.html
http://seclists.org/fulldisclosure/2014/Nov/46
http://www.exploit-db.com/exploits/35272
http://www.exploit-db.com/exploits/35276
https://exchange.xforce.ibmcloud.com/vulnerabilities/98733
https://projectzero.gr/en/2014/11/zte-zxhn-h108l-authentication-bypass/