Details of VAR-201411-0370

ID

VAR-201411-0370

CVE

CVE-2014-8493

TITLE

ZTE ZXHN H108L In the firmware CWMP Vulnerability whose settings are changed

Trust: 0.8

sources: JVNDB: JVNDB-2014-005560

DESCRIPTION

ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1. ZTE ZXHN H108L Router is a wireless router product of China ZTE Corporation (ZTE). The ZTE ZXHN H108L Router has a remote authentication bypass vulnerability that can be exploited by remote attackers to bypass the authentication mechanism and gain unauthorized access. ZTE ZXHN H108L router is prone to a remote authentication-bypass vulnerability. ZTE ZXHN H108L running firmware ZXHN H108LV4.0.0d_ZRQ_GR4 is vulnerable; other versions may also be affected

Trust: 2.52

sources: NVD: CVE-2014-8493 // JVNDB: JVNDB-2014-005560 // CNVD: CNVD-2014-08428 // BID: 71181 // VULHUB: VHN-76438

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-08428

AFFECTED PRODUCTS

vendor:	zte	model:	zxhn h108l	scope:	eq	version:	4.0.0d_zrq_gr4	Trust: 2.4
vendor:	zte	model:	zxhn h108l	scope:	-	version:	-	Trust: 0.8
vendor:	zte	model:	zxhn h108l zxhn h108lv4.0.0d zrq gr4	scope:	-	version:	-	Trust: 0.6
vendor:	zte	model:	zxhn h108l zxhn h108lv4.0.0d zr	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2014-08428 // BID: 71181 // JVNDB: JVNDB-2014-005560 // CNNVD: CNNVD-201411-373 // NVD: CVE-2014-8493

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-8493
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-8493
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-08428
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201411-373
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-76438
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-8493
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-08428
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-76438
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-08428 // VULHUB: VHN-76438 // JVNDB: JVNDB-2014-005560 // CNNVD: CNNVD-201411-373 // NVD: CVE-2014-8493

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-76438 // JVNDB: JVNDB-2014-005560 // NVD: CVE-2014-8493

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201411-373

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201411-373

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005560

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-76438

PATCH

title:

Top Page

url:

http://wwwen.zte.com.cn/en/

Trust: 0.8

sources: JVNDB: JVNDB-2014-005560

EXTERNAL IDS

db:	NVD	id:	CVE-2014-8493	Trust: 3.4
db:	PACKETSTORM	id:	129139	Trust: 1.7
db:	EXPLOIT-DB	id:	35272	Trust: 1.7
db:	EXPLOIT-DB	id:	35276	Trust: 1.7
db:	BID	id:	71181	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-005560	Trust: 0.8
db:	CNNVD	id:	CNNVD-201411-373	Trust: 0.7
db:	CNVD	id:	CNVD-2014-08428	Trust: 0.6
db:	XF	id:	98733	Trust: 0.6
db:	VULHUB	id:	VHN-76438	Trust: 0.1

sources: CNVD: CNVD-2014-08428 // VULHUB: VHN-76438 // BID: 71181 // JVNDB: JVNDB-2014-005560 // CNNVD: CNNVD-201411-373 // NVD: CVE-2014-8493

REFERENCES

url:	https://projectzero.gr/en/2014/11/zte-zxhn-h108l-authentication-bypass/	Trust: 2.5
url:	http://seclists.org/fulldisclosure/2014/nov/46	Trust: 2.0
url:	http://www.exploit-db.com/exploits/35272	Trust: 1.7
url:	http://www.exploit-db.com/exploits/35276	Trust: 1.7
url:	http://packetstormsecurity.com/files/129139/zte-zxhn-h108l-access-bypass.html	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/98733	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8493	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8493	Trust: 0.8
url:	http://www.securityfocus.com/bid/71181	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/98733	Trust: 0.6
url:	http://www.zte.com.cn/	Trust: 0.3

sources: CNVD: CNVD-2014-08428 // VULHUB: VHN-76438 // BID: 71181 // JVNDB: JVNDB-2014-005560 // CNNVD: CNNVD-201411-373 // NVD: CVE-2014-8493

CREDITS

Project Zero Labs

Trust: 0.3

sources: BID: 71181

SOURCES

db:	CNVD	id:	CNVD-2014-08428
db:	VULHUB	id:	VHN-76438
db:	BID	id:	71181
db:	JVNDB	id:	JVNDB-2014-005560
db:	CNNVD	id:	CNNVD-201411-373
db:	NVD	id:	CVE-2014-8493

LAST UPDATE DATE

2025-04-13T23:14:41.247000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-08428	date:	2014-11-21T00:00:00
db:	VULHUB	id:	VHN-76438	date:	2017-09-08T00:00:00
db:	BID	id:	71181	date:	2014-11-17T00:00:00
db:	JVNDB	id:	JVNDB-2014-005560	date:	2014-11-21T00:00:00
db:	CNNVD	id:	CNNVD-201411-373	date:	2014-11-21T00:00:00
db:	NVD	id:	CVE-2014-8493	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-08428	date:	2014-11-21T00:00:00
db:	VULHUB	id:	VHN-76438	date:	2014-11-20T00:00:00
db:	BID	id:	71181	date:	2014-11-17T00:00:00
db:	JVNDB	id:	JVNDB-2014-005560	date:	2014-11-21T00:00:00
db:	CNNVD	id:	CNNVD-201411-373	date:	2014-11-21T00:00:00
db:	NVD	id:	CVE-2014-8493	date:	2014-11-20T17:50:01.987