CVE-2015-8703 - OpenCVE

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zte	Zxhn H108n R1a Zxhn H108n R1a Firmware Zxv10 W300 Zxv10 W300 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:zte:zxhn_h108n_r1a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxhn_h108n_r1a:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:zte:zxv10_w300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxv10_w300:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/77421
https://www.kb.cert.org/vuls/id/391604
https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2015-12-30T02:00:00

Updated: 2024-08-06T08:29:21.214Z

Reserved: 2015-12-29T00:00:00

Link: CVE-2015-8703

Vulnrichment

No data.

NVD

Status : Modified

Published: 2015-12-30T05:59:14.877

Modified: 2016-11-28T19:48:57.443

Link: CVE-2015-8703

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-11-03T00:00:00", "descriptions": [{"lang": "en", "value": "ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T19:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "77421", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/77421"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA"}, {"name": "VU#391604", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/391604"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2015-8703", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "77421", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77421"}, {"name": "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA", "refsource": "CONFIRM", "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA"}, {"name": "VU#391604", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/391604"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:29:21.214Z"}, "title": "CVE Program Container", "references": [{"name": "77421", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/77421"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA"}, {"name": "VU#391604", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/391604"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2015-8703", "datePublished": "2015-12-30T02:00:00", "dateReserved": "2015-12-29T00:00:00", "dateUpdated": "2024-08-06T08:29:21.214Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxhn_h108n_r1a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3F8294C-E254-4328-8884-C27B9F880D01", "versionEndIncluding": "zte.bhs.zxhnh108nr1a.h_pe", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxhn_h108n_r1a:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A0A9215-1F66-4A0B-BF01-0064769F6812", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxv10_w300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEAEB00D-3718-4908-869F-22BDE6C96EB3", "versionEndIncluding": "w300v1.0.0f_er1_pe", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxv10_w300:*:*:*:*:*:*:*:*", "matchCriteriaId": "84553EC1-5EE0-4C4B-9DD6-011B75E6D5A8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248."}, {"lang": "es", "value": "Dispositivos ZTE ZXHN H108N R1A en versiones anteriores a ZTE.bhs.ZXHNH108NR1A.k_PE y dispositivos ZXV10 W300 en versiones anteriores aW300V1.0.0f_ER1_PE permiten a usuarios remotos autenticados eludir las restricciones destinadas al acceso, y descubrir credenciales y claves, leyendo el archivo de configuraci\u00f3n, una vulnerabilidad diferente a CVE-2015-7248."}], "id": "CVE-2015-8703", "lastModified": "2016-11-28T19:48:57.443", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2015-12-30T05:59:14.877", "references": [{"source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/77421"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/391604"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}