CVE-2015-7249 - OpenCVE

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd action.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Complete

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:C/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Zte	Zxhn H108n R1a Zxhn H108n R1a Firmware

Configuration 1 [-]

AND

cpe:2.3:o:zte:zxhn_h108n_r1a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxhn_h108n_r1a:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/77421
https://www.exploit-db.com/exploits/38773/
https://www.kb.cert.org/vuls/id/391604	Third Party Advisory US Government Resource
https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2015-12-30T02:00:00

Updated: 2017-09-12T09:57:01

Reserved: 2015-09-18T00:00:00

Link: CVE-2015-7249

JSON object: View

NVD Information

Status : Modified

Published: 2015-12-30T05:59:02.333

Modified: 2017-09-13T01:29:07.503

Link: CVE-2015-7249

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-11-03T00:00:00", "descriptions": [{"lang": "en", "value": "ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd action."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-12T09:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "77421", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/77421"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA"}, {"name": "VU#391604", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/391604"}, {"name": "38773", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/38773/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2015-7249", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd action."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "77421", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77421"}, {"name": "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA", "refsource": "CONFIRM", "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA"}, {"name": "VU#391604", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/391604"}, {"name": "38773", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/38773/"}]}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2015-7249", "datePublished": "2015-12-30T02:00:00", "dateReserved": "2015-09-18T00:00:00", "dateUpdated": "2017-09-12T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxhn_h108n_r1a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3F8294C-E254-4328-8884-C27B9F880D01", "versionEndIncluding": "zte.bhs.zxhnh108nr1a.h_pe", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxhn_h108n_r1a:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A0A9215-1F66-4A0B-BF01-0064769F6812", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd action."}, {"lang": "es", "value": "Dispositivos ZTE ZXHN H108N R1A en versiones anteriores a ZTE.bhs.ZXHNH108NR1A.k_PE permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso a trav\u00e9s de una petici\u00f3n modificada, seg\u00fan lo demostrado aprovechando la cuenta de soporte para cambiar una contrase\u00f1a a trav\u00e9s de una acci\u00f3n accountpsd cgi-bin/webproc."}], "id": "CVE-2015-7249", "lastModified": "2017-09-13T01:29:07.503", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2015-12-30T05:59:02.333", "references": [{"source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/77421"}, {"source": "cret@cert.org", "url": "https://www.exploit-db.com/exploits/38773/"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/391604"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}