exploitDog

GHSA-v3q9-ph26-jhf2

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.

ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.

Ссылки

EPSS

Процентиль: 74%

0.00804

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-200

Связанные уязвимости

CVE-2015-7255

CVSS3: 7.5

nvd

больше 8 лет назад

ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.

EPSS

Процентиль: 74%

0.00804

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-200