CVE-2014-0329

ZTE ZXV10 W300 2.1.0 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-0329. PoCs published by Cesar Neira.

AI-analyzed exploit summary This NSE script exploits CVE-2014-0329 by retrieving the MAC address via SNMP and using it to generate hardcoded telnet credentials for ZTE ZXV10 W300 routers. It then attempts to authenticate and dump credentials from the device.

Description

The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.

Exploits (1)

exploitdb WORKING POC
by Cesar Neira · webappshardware
https://www.exploit-db.com/exploits/31527

This NSE script exploits CVE-2014-0329 by retrieving the MAC address via SNMP and using it to generate hardcoded telnet credentials for ZTE ZXV10 W300 routers. It then attempts to authenticate and dump credentials from the device.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: ZTE ZXV10 W300 v2.1
No auth needed
Prerequisites: SNMP access with community string 'public' · Telnet service accessible on port 23
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/228886
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90958
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/102816
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/65310

Scores

EPSS 0.0852
EPSS Percentile 94.4%

Details

CWE
CWE-255
Status published
Products (1)
zte/zxv10_w300 2.1.0
Published Feb 04, 2014
Tracked Since Feb 18, 2026