Home page logo
/

nmap-dev logo Nmap Development mailing list archives

ZTE ZXV10 W300 router contains hardcoded credentials
From: Cesar Neira <csar.1603 () gmail com>
Date: Mon, 10 Feb 2014 21:06:10 -0500

Hello everyone.

I have written this script to exploit a backdoor in the routers ZTE ZXV10
W300 and  Planet ADE 3400.

Exploit (NSE script):

https://github.com/alguien-gh/scripts/blob/master/exploits/nse/airocon.nse

Description:

ZTE ZXV10 W300 router contains hardcoded credentials that are useable for
the telnet service on the device. The username is "admin" and the password
is "XXXXairocon" where "XXXX" is the last four characters of the device's
MAC address. The MAC address is obtainable over SNMP with community string
public.

CVE: CVE-2014-0329

Dork (Shodan): Basic realm="index.htm"

References:

- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0329
-
http://alguienenlafisi.blogspot.com/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html
- http://www.kb.cert.org/vuls/id/228886



-- 
Alguien
http://alguienenlafisi.blogspot.com
Root-Node
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
  • ZTE ZXV10 W300 router contains hardcoded credentials Cesar Neira (Feb 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault