Summary
ZTE ZXV10 W300 wireless router is prone to a security-bypass vulnerability.
Impact
Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device.
Solution
Ask the vendor for an update.
Insight
The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.
Affected
ZTE ZXV10 W300 running firmware version 2.1.0 is vulnerable; other versions may also be affected.
Detection
Try to log in to the telnet service.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-0329
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C