{"vuid":"VU#228886","idnumber":"228886","name":"ZTE ZXV10 W300 router contains hardcoded credentials","keywords":["zte","zxv10","w300","router","adsl","hardcoded","credentials","backdoor","cwe-798","cpe"],"overview":"ZTE ZXV10 W300 router version 2.1.0, and possibly earlier versions, contains hardcoded credentials. (CWE-798)","clean_desc":"ZTE ZXV10 W300 router contains hardcoded credentials that are useable for the telnet service on the device. The username is \"admin\" and the password is \"XXXXairocon\" where \"XXXX\" is the last four characters of the device's MAC address. The MAC address is obtainable over SNMP with community string public. The vendor has provided a statement about this vulnerability.","impact":"A remote unauthenticated attacker may be able to obtain the MAC address of the device and log into the telnet service of the device with hardcoded credentials.","resolution":"We are currently unaware of a practical solution to this problem. Please consider the following workaround.","workarounds":"Restrict Access Enable firewall rules so the telnet service of the device is not accessible to untrusted sources. Enable firewall rules that block SNMP on the device.","sysaffected":"","thanks":"Thanks to Cesar Neira for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["http://cwe.mitre.org/data/definitions/798.html","http://wwwen.zte.com.cn/en/products/access/cpe/201302/t20130204_386351.html"],"cveids":["CVE-2014-0329"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2013-12-02T13:20:25Z","publicdate":"2014-02-03T00:00:00Z","datefirstpublished":"2014-02-03T18:21:53Z","dateupdated":"2014-03-14T20:04:53Z","revision":12,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"W","cvss_reportconfidence":"UC","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"9.3","cvss_basevector":"AV:N/AC:M/Au:N/C:C/I:C/A:C","cvss_temporalscore":"7.2","cvss_environmentalscore":"5.38582948848","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}