Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

ZTE ZXV10 W300 router contains hardcoded credentials

From: Cesar Neira <csar.1603 () gmail com>
Date: Mon, 10 Feb 2014 21:06:10 -0500
Hello everyone.

I have written this script to exploit a backdoor in the routers ZTE ZXV10
W300 and  Planet ADE 3400.

Exploit (NSE script):

https://github.com/alguien-gh/scripts/blob/master/exploits/nse/airocon.nse

Description:

ZTE ZXV10 W300 router contains hardcoded credentials that are useable for
the telnet service on the device. The username is "admin" and the password
is "XXXXairocon" where "XXXX" is the last four characters of the device's
MAC address. The MAC address is obtainable over SNMP with community string
public.

CVE: CVE-2014-0329

Dork (Shodan): Basic realm="index.htm"

References:

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0329
-
http://alguienenlafisi.blogspot.com/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html
- http://www.kb.cert.org/vuls/id/228886



-- 
Alguien
http://alguienenlafisi.blogspot.com
Root-Node
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: