Description
ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.
Exploits (2)
exploitdb
WORKING POC
by Project Zero Labs · textwebappshardware
https://www.exploit-db.com/exploits/35276
exploitdb
WORKING POC
by Project Zero Labs · textwebappshardware
https://www.exploit-db.com/exploits/35272
References (6)
Core 6
Core References
Exploit x_refsource_misc
http://packetstormsecurity.com/files/129139/ZTE-ZXHN-H108L-Access-Bypass.html
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/35276
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Nov/46
Exploit x_refsource_misc
https://projectzero.gr/en/2014/11/zte-zxhn-h108l-authentication-bypass/
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/35272
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/98733
Scores
EPSS
0.1773
EPSS Percentile
95.2%
Details
CWE
CWE-264
Status
published
Products (1)
zte/zxhn_h108l_firmware
4.0.0d_zrq_gr4
Published
Nov 20, 2014
Tracked Since
Feb 18, 2026