CVE-2014-4155

Loading...

General

Score:6.8/10.0
Severity:Medium
Category:Bounce Attack
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Published on 19/06/14 - Updated on 18/07/14

Description

Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1.

Category: Bounce Attack

CWE-352 (Cross-Site Request Forgery (CSRF))
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Security Notices

US National Vulnerability DatabaseCVE-2014-4155

Exploits

Exploit-DBEDB-33803

Relative technologies

VendorProduct
ztezxv10_w300
ztezxv10_w300_firmware

Share this vulnerability with:

Twitter Facebook LinkedIn Mail