Executive Summary

Summary
Title ZTE ZXV10 W300 router contains hardcoded credentials
Informations
Name VU#228886 First vendor Publication 2014-02-03
Vendor VU-CERT Last vendor Modification 2014-02-03
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#228886

ZTE ZXV10 W300 router contains hardcoded credentials

Original Release date: 03 Feb 2014 | Last revised: 03 Feb 2014

Overview

ZTE ZXV10 W300 router version 2.1.0, and possibly earlier versions, contains hardcoded credentials. (CWE-798)

Description

ZTE ZXV10 W300 router contains hardcoded credentials that are useable for the telnet service on the device. The username is "admin" and the password is "XXXXairocon" where "XXXX" is the last four characters of the device's MAC address. The MAC address is obtainable over SNMP with community string public.

Impact

A remote unauthenticated attacker may be able to obtain the MAC address of the device and log into the telnet service of the device with hardcoded credentials.

Solution

We are currently unaware of a practical solution to this problem. Please consider the following workaround.

Restrict Access

Enable firewall rules so the telnet service of the device is not accessible to untrusted sources. Enable firewall rules that block SNMP on the device.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
ZTE CorporationAffected03 Dec 201303 Feb 2014
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

GroupScoreVector
Base9.3AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal7.2E:POC/RL:W/RC:UC
Environmental5.4CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

  • http://cwe.mitre.org/data/definitions/798.html
  • http://wwwen.zte.com.cn/en/products/access/cpe/201302/t20130204_386351.html

Credit

Thanks to Cesar Neira for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

  • CVE IDs:CVE-2014-0329
  • Date Public:03 Feb 2014
  • Date First Published:03 Feb 2014
  • Date Last Updated:03 Feb 2014
  • Document Revision:7

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/228886

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-255 Credentials Management

CPE : Common Platform Enumeration

TypeDescriptionCount
Hardware 1

ExploitDB Exploits

id Description
2014-02-09 ZTE ZXV10 W300 Router - Hardcoded Credentials

Nessus® Vulnerability Scanner

Date Description
2014-03-05 Name : The remote device is using a known set of hard-coded credentials.
File : zte_zxv10_backdoor.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
Date Informations
2016-06-29 01:31:21
  • Multiple Updates
2014-03-06 13:21:28
  • Multiple Updates
2014-02-10 17:19:17
  • Multiple Updates
2014-02-05 13:23:04
  • Multiple Updates
2014-02-04 13:22:18
  • Multiple Updates
2014-02-03 21:19:12
  • First insertion