CVE-2014-8356

Опубликовано: 21 нояб. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference.

Ссылки

http://packetstormsecurity.com/files/133921/Zhone-Insecure-Reference-Password-Disclosure-Command-Injection.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2015/Oct/57
Exploit
Mailing List
Third Party Advisory
https://www.exploit-db.com/exploits/38453/
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/133921/Zhone-Insecure-Reference-Password-Disclosure-Command-Injection.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2015/Oct/57
Exploit
Mailing List
Third Party Advisory
https://www.exploit-db.com/exploits/38453/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:dasanzhone:znid_2426a_firmware:*:*:*:*:*:*:*:*

Версия до s3.0.501 (исключая)

cpe:2.3:h:dasanzhone:znid_2426a:-:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01814

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-639

Связанные уязвимости

GHSA-r8v2-57gh-7g47

github

больше 3 лет назад