CVE-2015-7257

moderate-risk

Published 2017-08-24

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin".

Do I need to act?

16.7% chance of exploitation in next 30 days

EPSS score — higher than 83% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

38772

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / HIGH complexity

Affected Products (2)

Zxv10 W300 Firmware

Affected Vendors

Zte

References (8)

Third Party Advisory http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Inform...

Third Party Advisory http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Di...

Mailing List http://seclists.org/fulldisclosure/2015/Nov/48

Third Party Advisory https://www.exploit-db.com/exploits/38772/

Third Party Advisory http://packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Inform...

Third Party Advisory http://packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Di...

Mailing List http://seclists.org/fulldisclosure/2015/Nov/48

Third Party Advisory https://www.exploit-db.com/exploits/38772/

/ 100

moderate-risk

Severity 22/34 · High

Exploitability 13/34 · Low

Exposure 7/34 · Low