Details of VAR-201402-0267

ID

VAR-201402-0267

CVE

CVE-2014-0329

TITLE

Philippine Long Distance Telephone SpeedSurf 504AN and Kasda KW58293 contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#525276

DESCRIPTION

The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password. The SpeedSurf 504AN and Kasda KW58293 modems distributed by PLDT contain multiple vulnerabilities. The BaudTec ADSL2+ Router may also be affected. ZTE ZXV10 W300 router version 2.1.0, and possibly earlier versions, contains hardcoded credentials. (CWE-798). ASUS , DIGICOM , Observa Telecom , Philippine Long Distance Telephone (PLDT) , ZTE Provided by DSL The router has a hard-coded password "XXXXaircon" There is a problem to use. ASUS DSL-N12E , DIGICOM DG-5524T , Observa Telecom RTA01N , Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN , ZTE ZXV10 W300S Etc. DSL The router has telnet There is a problem that authentication information that can be used to access the device is hard-coded. The username is ASUS , DIGICOM , Observa Telecom , ZTE In the equipment of "admin" But, PLDT In the equipment of "adminpldt" Is used and the password is "XXXXairocon" ( XXXX Is the equipment MAC The last four digits of the address are used. MAC Address is SNMP Community string public May be able to get through. Authentication information ( password ) Is hard-coded (CWE-798) CWE-798: Use of Hard-coded Credentials https://cwe.mitre.org/data/definitions/798.html This vulnerability ZTE ZXV10 W300 As a matter of 2014 Year 2 A month JVNVU#99523838 Published on CVE-2014-0329 Has been assigned. This time, products from several other vendors have been found to have the same vulnerability. Observa Telecom RTA01N For vulnerabilities in 2015 Year 5 A month Full Disclosure It is published in JVNVU#99523838 https://jvn.jp/vu/JVNVU99523838/ Full Disclosure http://seclists.org/fulldisclosure/2015/May/129A remote attacker could use the authentication information and gain access to the device as an administrator. ZTE Provided by ZXV10 W300 Has a problem with hard-coded credentials. Multiple DSL Routers are prone to a security-bypass vulnerability. The vulnerability stems from the fact that the program installation uses default hard-coded credentials, and the first four digits of the admin account password 'XXXXairocon' are set to the last four digits of the MAC address

Trust: 5.4

sources: NVD: CVE-2014-0329 // CERT/CC: VU#525276 // CERT/CC: VU#950576 // CERT/CC: VU#228886 // JVNDB: JVNDB-2015-004558 // JVNDB: JVNDB-2014-001305 // CNVD: CNVD-2014-00705 // BID: 65310 // VULHUB: VHN-67822

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-00705

AFFECTED PRODUCTS

vendor:	zte	model:	zxv10 w300	scope:	eq	version:	2.1.0	Trust: 2.2
vendor:	philippine long distance telephone	model:	-	scope:	-	version:	-	Trust: 1.6
vendor:	zte	model:	-	scope:	-	version:	-	Trust: 1.6
vendor:	asustek computer	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	digicom hk	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	observa telecom	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	dsl-n12e	scope:	-	version:	-	Trust: 0.8
vendor:	digicom	model:	dg-5524t	scope:	-	version:	-	Trust: 0.8
vendor:	observa telecom	model:	rta01n v2	scope:	-	version:	-	Trust: 0.8
vendor:	philippine long distance telephone pldt	model:	speedsurf 504an	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	zxv10 w300s	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	zxv10 w300	scope:	lte	version:	version 2.1.0	Trust: 0.8
vendor:	zte	model:	zxv10 w300	scope:	eq	version:	2.1	Trust: 0.3
vendor:	philippine	model:	long distance telephone speedsurf 504an	scope:	-	version:	-	Trust: 0.3
vendor:	observa	model:	telecom rta01n	scope:	eq	version:	0	Trust: 0.3
vendor:	digicom	model:	dg-5524t	scope:	eq	version:	0	Trust: 0.3
vendor:	asus	model:	dsl-n12e	scope:	eq	version:	0	Trust: 0.3

sources: CERT/CC: VU#525276 // CERT/CC: VU#950576 // CERT/CC: VU#228886 // CNVD: CNVD-2014-00705 // BID: 65310 // JVNDB: JVNDB-2015-004558 // JVNDB: JVNDB-2014-001305 // CNNVD: CNNVD-201402-026 // NVD: CVE-2014-0329

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2014-0329
value:	HIGH
Trust: 1.6
nvd@nist.gov:	CVE-2014-0329
value:	HIGH
Trust: 1.0
IPA:	JVNDB-2015-004558
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-00705
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201402-026
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-67822
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0329
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
NVD:	CVE-2014-0329
severity:	HIGH
baseScore:	9.3
vectorString:	NONE
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
IPA:	JVNDB-2015-004558
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2014-00705
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-67822
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#228886 // CNVD: CNVD-2014-00705 // VULHUB: VHN-67822 // JVNDB: JVNDB-2015-004558 // JVNDB: JVNDB-2014-001305 // CNNVD: CNNVD-201402-026 // NVD: CVE-2014-0329

PROBLEMTYPE DATA

problemtype:	CWE-255	Trust: 1.9
problemtype:	CWE-798	Trust: 0.8
problemtype:	CWE-Other	Trust: 0.8

sources: CERT/CC: VU#228886 // VULHUB: VHN-67822 // JVNDB: JVNDB-2014-001305 // NVD: CVE-2014-0329

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-026

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201402-026

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004558

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#228886 // VULHUB: VHN-67822

PATCH

title:	ZXV10 W300S	url:	http://wwwen.zte.com.cn/en/products/access/cpe/201302/t20130204_386351.html	Trust: 1.6
title:	DSL-N12E	url:	https://www.asus.com/Networking/DSLN12E/	Trust: 0.8
title:	DG-5524T	url:	http://www.digicom.com.hk/index.php?section=products&action=details&id=156#.Vd5djH1K5ve	Trust: 0.8
title:	Router ADSL Observa RTA01N v2	url:	http://www.movistar.es/particulares/atencion-cliente/internet/adsl/equipamiento-adsl/routers/router-adsl-observa-rta01n-v2/	Trust: 0.8
title:	PLDT - Philippine Long Distance Telephone Company (Top Page)	url:	http://www.pldt.com/	Trust: 0.8
title:	ZTE ZXV10 W300 Router Information Disclosure Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/43267	Trust: 0.6

sources: CNVD: CNVD-2014-00705 // JVNDB: JVNDB-2015-004558 // JVNDB: JVNDB-2014-001305

EXTERNAL IDS

db:	CERT/CC	id:	VU#228886	Trust: 5.0
db:	NVD	id:	CVE-2014-0329	Trust: 3.4
db:	BID	id:	65310	Trust: 2.0
db:	CERT/CC	id:	VU#950576	Trust: 1.9
db:	JVN	id:	JVNVU99523838	Trust: 1.6
db:	CERT/CC	id:	VU#525276	Trust: 1.1
db:	OSVDB	id:	102816	Trust: 1.1
db:	PACKETSTORM	id:	125142	Trust: 1.1
db:	JVN	id:	JVNVU90419607	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-004558	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-001305	Trust: 0.8
db:	CNNVD	id:	CNNVD-201402-026	Trust: 0.7
db:	CNVD	id:	CNVD-2014-00705	Trust: 0.6
db:	EXPLOIT-DB	id:	31527	Trust: 0.1
db:	SEEBUG	id:	SSVID-84851	Trust: 0.1
db:	VULHUB	id:	VHN-67822	Trust: 0.1

sources: CERT/CC: VU#525276 // CERT/CC: VU#950576 // CERT/CC: VU#228886 // CNVD: CNVD-2014-00705 // VULHUB: VHN-67822 // BID: 65310 // JVNDB: JVNDB-2015-004558 // JVNDB: JVNDB-2014-001305 // CNNVD: CNNVD-201402-026 // NVD: CVE-2014-0329

REFERENCES

url:	http://www.kb.cert.org/vuls/id/228886	Trust: 4.2
url:	http://seclists.org/fulldisclosure/2015/may/129	Trust: 1.6
url:	http://wwwen.zte.com.cn/en/products/access/cpe/201302/t20130204_386351.html	Trust: 1.1
url:	http://www.securityfocus.com/bid/65310	Trust: 1.1
url:	http://blog.alguien.at/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/125142/zte-zxv10-w300-hardcoded-credentials.html	Trust: 1.1
url:	http://osvdb.org/102816	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/90958	Trust: 1.1
url:	https://www.kb.cert.org/vuls/id/950576	Trust: 1.1
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	https://www.asus.com/networking/dsln12e/	Trust: 0.8
url:	http://www.digicom.com.hk/index.php?section=products&action=details&id=156#.vdzitpcuzl0	Trust: 0.8
url:	http://www.movistar.es/particulares/atencion-cliente/internet/adsl/equipamiento-adsl/routers/router-adsl-observa-rta01n-v2/	Trust: 0.8
url:	http://cwe.mitre.org/data/definitions/798.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu99523838/	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu90419607/index.html	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0329	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99523838/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0329	Trust: 0.8
url:	http://www.kb.cert.org/vuls/id/525276	Trust: 0.3

CREDITS

Cesar Neira

Trust: 0.3

sources: BID: 65310

SOURCES

db:	CERT/CC	id:	VU#525276
db:	CERT/CC	id:	VU#950576
db:	CERT/CC	id:	VU#228886
db:	CNVD	id:	CNVD-2014-00705
db:	VULHUB	id:	VHN-67822
db:	BID	id:	65310
db:	JVNDB	id:	JVNDB-2015-004558
db:	JVNDB	id:	JVNDB-2014-001305
db:	CNNVD	id:	CNNVD-201402-026
db:	NVD	id:	CVE-2014-0329

LAST UPDATE DATE

2024-11-23T22:13:49.810000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#525276	date:	2016-04-17T00:00:00
db:	CERT/CC	id:	VU#950576	date:	2015-08-27T00:00:00
db:	CERT/CC	id:	VU#228886	date:	2014-03-14T00:00:00
db:	CNVD	id:	CNVD-2014-00705	date:	2014-02-11T00:00:00
db:	VULHUB	id:	VHN-67822	date:	2017-08-29T00:00:00
db:	BID	id:	65310	date:	2015-11-03T19:21:00
db:	JVNDB	id:	JVNDB-2015-004558	date:	2015-09-04T00:00:00
db:	JVNDB	id:	JVNDB-2014-001305	date:	2014-02-05T00:00:00
db:	CNNVD	id:	CNNVD-201402-026	date:	2014-02-08T00:00:00
db:	NVD	id:	CVE-2014-0329	date:	2024-11-21T02:01:53.493

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#525276	date:	2015-08-31T00:00:00
db:	CERT/CC	id:	VU#950576	date:	2015-08-25T00:00:00
db:	CERT/CC	id:	VU#228886	date:	2014-02-03T00:00:00
db:	CNVD	id:	CNVD-2014-00705	date:	2014-02-11T00:00:00
db:	VULHUB	id:	VHN-67822	date:	2014-02-04T00:00:00
db:	BID	id:	65310	date:	2014-02-03T00:00:00
db:	JVNDB	id:	JVNDB-2015-004558	date:	2015-09-04T00:00:00
db:	JVNDB	id:	JVNDB-2014-001305	date:	2014-02-05T00:00:00
db:	CNNVD	id:	CNNVD-201402-026	date:	2014-02-08T00:00:00
db:	NVD	id:	CVE-2014-0329	date:	2014-02-04T05:39:08.450