CVE-2014-4019

HIGH EXPLOITED

ZTE ZXV10 W300 W300V1.0.0a_ZRD_LK - Unauthenticated Sensitive Information Exposure

Title source: llm

Exploitation Summary

CVE-2014-4019 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Osanda Malith Jayathissa.

AI-analyzed exploit summary This is a detailed technical writeup describing multiple vulnerabilities in ZTE WXV10 W300 routers, including default credentials, backup file disclosure, password disclosure, CSRF, and DoS. It provides PoC URLs and code snippets but does not include a full functional exploit.

Description

ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0.

Exploits (1)

exploitdb WRITEUP

by Osanda Malith Jayathissa · textwebappshardware

https://www.exploit-db.com/exploits/33803

View Code ZIP pw:eip

This is a detailed technical writeup describing multiple vulnerabilities in ZTE WXV10 W300 routers, including default credentials, backup file disclosure, password disclosure, CSRF, and DoS. It provides PoC URLs and code snippets but does not include a full functional exploit.

Classification

Writeup 95%

Attack Type

Info Leak | Auth Bypass | Dos

Complexity

Trivial

Reliability

Reliable

Target: ZTE WXV10 W300 with firmware W300V1.0.0a_ZRD_LK

No auth needed

Prerequisites: Network access to the router's web interface

MITRE ATT&CK

T1110 - Brute Force T1552 - Unsecured Credentials T1189 - Drive-by Compromise T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html

Exploit, Third Party Advisory x_refsource_misc

https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://www.exploit-db.com/exploits/33803

Broken Link x_refsource_misc

http://www.osvdb.org/102668

Scores

CVSS v3 7.5

EPSS 0.5177

EPSS Percentile 98.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2015-03-28

CWE

CWE-200

Status published

Products (1)

zte/zxv10_w300_firmware w300v1.0.0a_zrd_lk

Published Feb 20, 2020

Tracked Since Feb 18, 2026