ID

VAR-201512-0214


CVE

CVE-2015-8703


TITLE

ZTE ZXHN H108N R1A routers contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#391604

DESCRIPTION

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248.

ZTE ZXHN H108N R1A router, version ZTE.bhs.ZXHNH108NR1A.h_PE, and ZXV10 W300 router, version W300V1.0.0f_ER1_PE, contain multiple vulnerabilities.

ZTE ZXHN H108N R1A is a wireless router product of China ZTE Corporation.

ZTE ZXHN H108N R1A routers are prone to the following security vulnerabilities:
1. Multiple information-disclosure vulnerabilities
2. An authorization-bypass vulnerability
3. A directory-traversal vulnerability
4. A hard-coded credentials vulnerability
5. A cross-site scripting vulnerability

Attackers can exploit these issues to gain access to the browser of an unsuspecting user and execute arbitrary script code in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, read arbitrary files, or bypass security restrictions and perform unauthorized actions. This may aid in further attacks.

Trust: 3.33

sources: NVD: CVE-2015-8703 // CERT/CC: VU#391604 // JVNDB: JVNDB-2015-006592 // CNVD: CNVD-2015-08532 // BID: 77421 // VULHUB: VHN-86664 // VULMON: CVE-2015-8703

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-08532

AFFECTED PRODUCTS

vendor: zte, model: zxv10 w300, scope: eq, version: w300v1.0.0f_er1_pe

Trust: 1.4

vendor: zte, model: zxhn h108n r1a, scope: lte, version: zte.bhs.zxhnh108nr1a.h_pe

Trust: 1.0

vendor: zte, model: zxv10 w300, scope: lte, version: w300v1.0.0f_er1_pe

Trust: 1.0

vendor: zte, model: -, scope: -, version: -

Trust: 0.8

vendor: zte, model: zxhn h108n r1a, scope: -, version: -

Trust: 0.8

vendor: zte, model: zxhn h108n r1a, scope: lt, version: zte.bhs.zxhnh108nr1a.k_pe

Trust: 0.8

vendor: zte, model: zxv10 w300, scope: -, version: -

Trust: 0.8

vendor: zte, model: zxhn h108n r1a zte.bhs.zxhnh108nr1a.h pe, scope: -, version: -

Trust: 0.6

vendor: zte, model: zxhn h108n r1a zxv10 w300 w300v1.0.0f er1 pe, scope: -, version: -

Trust: 0.6

vendor: zte, model: zxhn h108n r1a, scope: eq, version: zte.bhs.zxhnh108nr1a.h_pe

Trust: 0.6

vendor: zte, model: zxv10 w300 w300v1.0.0f er1 pe, scope: -, version: -

Trust: 0.3

vendor: zte, model: zxhn h108n r1a zte.bhs.zxhnh108nr1a, scope: -, version: -

Trust: 0.3

vendor: zte, model: zxhn h108n r1a zte.bhs.zxhnh108nr1a, scope: ne, version: -

Trust: 0.3

sources: CERT/CC: VU#391604 // CNVD: CNVD-2015-08532 // BID: 77421 // JVNDB: JVNDB-2015-006592 // CNNVD: CNNVD-201512-705 // NVD: CVE-2015-8703

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-8703
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-8703
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-08532
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201512-705
value: MEDIUM

Trust: 0.6

VULHUB: VHN-86664
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-8703
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-8703
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2015-08532
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-86664
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-8703
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2015-08532 // VULHUB: VHN-86664 // VULMON: CVE-2015-8703 // JVNDB: JVNDB-2015-006592 // CNNVD: CNNVD-201512-705 // NVD: CVE-2015-8703

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-86664 // JVNDB: JVNDB-2015-006592 // NVD: CVE-2015-8703

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-705

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201512-705

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006592

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-86664 // VULMON: CVE-2015-8703

PATCH

title: Top Page, url: http://www.zte.co.jp/

Trust: 0.8

title: ZTE ZXHN H108N R1A devices patch for information disclosure vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/69280

Trust: 0.6

sources: CNVD: CNVD-2015-08532 // JVNDB: JVNDB-2015-006592

EXTERNAL IDS

db: CERT/CC, id: VU#391604

Trust: 3.7

db: NVD, id: CVE-2015-8703

Trust: 3.5

db: BID, id: 77421

Trust: 1.5

db: JVN, id: JVNVU91514956

Trust: 0.8

db: JVNDB, id: JVNDB-2015-006592

Trust: 0.8

db: CNNVD, id: CNNVD-201512-705

Trust: 0.7

db: CNVD, id: CNVD-2015-08532

Trust: 0.6

db: EXPLOIT-DB, id: 38773

Trust: 0.2

db: VULHUB, id: VHN-86664

Trust: 0.1

db: VULMON, id: CVE-2015-8703

Trust: 0.1

sources: CERT/CC: VU#391604 // CNVD: CNVD-2015-08532 // VULHUB: VHN-86664 // VULMON: CVE-2015-8703 // BID: 77421 // JVNDB: JVNDB-2015-006592 // CNNVD: CNNVD-201512-705 // NVD: CVE-2015-8703

REFERENCES

url:https://www.kb.cert.org/vuls/id/391604

Trust: 2.9

url:https://www.kb.cert.org/vuls/id/bluu-9zdjwa

Trust: 2.6

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8703

Trust: 1.4

url:http://www.securityfocus.com/bid/77421

Trust: 1.3

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.9

url:https://cwe.mitre.org/data/definitions/285.html

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/288.html

Trust: 0.8

url:http://cwe.mitre.org/data/definitions/22.html

Trust: 0.8

url:http://cwe.mitre.org/data/definitions/798.html

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8703

Trust: 0.8

url:http://jvn.jp/vu/jvnvu91514956/index.html

Trust: 0.8

url:http://www.zte.com.cn/

Trust: 0.3

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.exploit-db.com/exploits/38773/

Trust: 0.1

sources: CERT/CC: VU#391604 // CNVD: CNVD-2015-08532 // VULHUB: VHN-86664 // VULMON: CVE-2015-8703 // BID: 77421 // JVNDB: JVNDB-2015-006592 // CNNVD: CNNVD-201512-705 // NVD: CVE-2015-8703

CREDITS

Karn Ganeshen

Trust: 0.3

sources: BID: 77421

SOURCES

db: CERT/CC, id: VU#391604
db: CNVD, id: CNVD-2015-08532
db: VULHUB, id: VHN-86664
db: VULMON, id: CVE-2015-8703
db: BID, id: 77421
db: JVNDB, id: JVNDB-2015-006592
db: CNNVD, id: CNNVD-201512-705
db: NVD, id: CVE-2015-8703

LAST UPDATE DATE

2024-11-23T21:43:34.758000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#391604, date: 2015-11-04T00:00:00
db: CNVD, id: CNVD-2015-08532, date: 2015-12-31T00:00:00
db: VULHUB, id: VHN-86664, date: 2016-11-28T00:00:00
db: VULMON, id: CVE-2015-8703, date: 2016-11-28T00:00:00
db: BID, id: 77421, date: 2016-02-02T20:05:00
db: JVNDB, id: JVNDB-2015-006592, date: 2016-01-05T00:00:00
db: CNNVD, id: CNNVD-201512-705, date: 2015-12-31T00:00:00
db: NVD, id: CVE-2015-8703, date: 2024-11-21T02:38:59.417

SOURCES RELEASE DATE

db: CERT/CC, id: VU#391604, date: 2015-11-03T00:00:00
db: CNVD, id: CNVD-2015-08532, date: 2015-12-31T00:00:00
db: VULHUB, id: VHN-86664, date: 2015-12-30T00:00:00
db: VULMON, id: CVE-2015-8703, date: 2015-12-30T00:00:00
db: BID, id: 77421, date: 2015-11-04T00:00:00
db: JVNDB, id: JVNDB-2015-006592, date: 2016-01-05T00:00:00
db: CNNVD, id: CNNVD-201512-705, date: 2015-12-31T00:00:00
db: NVD, id: CVE-2015-8703, date: 2015-12-30T05:59:14.877