Description
The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.
Exploits (1)
References (6)
Core 6
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/228886
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/125142/ZTE-ZXV10-W300-Hardcoded-Credentials.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90958
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/102816
Various Sources x_refsource_misc
http://blog.alguien.at/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65310
Scores
EPSS
0.2502
EPSS Percentile
96.2%
Details
CWE
CWE-255
Status
published
Products (1)
zte/zxv10_w300
2.1.0
Published
Feb 04, 2014
Tracked Since
Feb 18, 2026