Sign-up

ID

VAR-201711-1241


TITLE

CSRF vulnerability in ZTE ZXV10 H108B wireless cat

Trust: 0.6

sources: CNVD: CNVD-2017-35553

DESCRIPTION

ZXV10 H108B is a wireless broadband router cat. The ZRF ZXV10 H108B wireless cat has a CSRF vulnerability that allows an attacker to hijack the administrator's identity and modify the wireless cat's DNS settings.

Trust: 0.6

sources: CNVD: CNVD-2017-35553

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-35553

AFFECTED PRODUCTS

vendor:ztemodel:zxv10 h108bscope:eqversion:v2.0.0

Trust: 0.6

vendor:ztemodel:zxv10 h108lascope:eqversion:v2.0.0

Trust: 0.6

sources: CNVD: CNVD-2017-35553

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-35553
value: LOW

Trust: 0.6

CNVD: CNVD-2017-35553
severity: LOW
baseScore: 3.2
vectorString: AV:A/AC:H/AU:N/C:N/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.2
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2017-35553

PATCH

title:CSRF vulnerability in ZTE ZXV10 H108B wireless caturl:https://www.cnvd.org.cn/patchinfo/show/103547

Trust: 0.6

sources: CNVD: CNVD-2017-35553

EXTERNAL IDS

db:CNVDid:CNVD-2017-35553

Trust: 0.6

sources: CNVD: CNVD-2017-35553

SOURCES

db:CNVDid:CNVD-2017-35553

LAST UPDATE DATE

2022-05-04T09:47:28.990000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-35553date:2017-12-04T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-35553date:2017-11-20T00:00:00