CVE-2015-7251 - OpenCVE

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Zte	Zxhn H108n R1a Zxhn H108n R1a Firmware

Configuration 1 [-]

AND

cpe:2.3:o:zte:zxhn_h108n_r1a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxhn_h108n_r1a:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/77421
https://www.exploit-db.com/exploits/38773/
https://www.kb.cert.org/vuls/id/391604	Third Party Advisory US Government Resource
https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2015-12-30T02:00:00

Updated: 2017-09-12T09:57:01

Reserved: 2015-09-18T00:00:00

Link: CVE-2015-7251

JSON object: View

NVD Information

Status : Modified

Published: 2015-12-30T05:59:04.160

Modified: 2017-09-13T01:29:07.613

Link: CVE-2015-7251

JSON object: View

Redhat Information

No data.

CWE

CWE-255

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-11-03T00:00:00", "descriptions": [{"lang": "en", "value": "ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-12T09:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "77421", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/77421"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA"}, {"name": "VU#391604", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/391604"}, {"name": "38773", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/38773/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2015-7251", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "77421", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77421"}, {"name": "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA", "refsource": "CONFIRM", "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA"}, {"name": "VU#391604", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/391604"}, {"name": "38773", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/38773/"}]}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2015-7251", "datePublished": "2015-12-30T02:00:00", "dateReserved": "2015-09-18T00:00:00", "dateUpdated": "2017-09-12T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxhn_h108n_r1a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3F8294C-E254-4328-8884-C27B9F880D01", "versionEndIncluding": "zte.bhs.zxhnh108nr1a.h_pe", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxhn_h108n_r1a:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A0A9215-1F66-4A0B-BF01-0064769F6812", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session."}, {"lang": "es", "value": "Dispositivos ZTE ZXHN H108N R1A en versiones anteriores a ZTE.bhs.ZXHNH108NR1A.k_PE tienen una contrase\u00f1a embebida de root para la cuenta root, lo que permite a atacantes remotos obtener acceso administrativo a trav\u00e9s de una sesi\u00f3n TELNET."}], "id": "CVE-2015-7251", "lastModified": "2017-09-13T01:29:07.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2015-12-30T05:59:04.160", "references": [{"source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/77421"}, {"source": "cret@cert.org", "url": "https://www.exploit-db.com/exploits/38773/"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/391604"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}