ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/127129/ZTE-WXV10-W300-Disclosure-CSRF-Default.html | Exploit Third Party Advisory VDB Entry |
http://www.exploit-db.com/exploits/33803 | Exploit Third Party Advisory VDB Entry |
http://www.osvdb.org/102668 | Broken Link |
https://osandamalith.wordpress.com/2014/06/15/zte-wxv10-w300-multiple-vulnerabilities/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-02-20T17:27:39
Updated: 2020-02-20T17:27:39
Reserved: 2014-06-11T00:00:00
Link: CVE-2014-4019
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-02-20T18:15:11.403
Modified: 2020-02-28T01:42:54.123
Link: CVE-2014-4019
JSON object: View
Redhat Information
No data.
CWE