CVE-2014-8356

The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dasanzhone:znid_2426a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dasanzhone:znid_2426a:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:18

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/133921/Zhone-Insecure-Reference-Password-Disclosure-Command-Injection.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/133921/Zhone-Insecure-Reference-Password-Disclosure-Command-Injection.html - Exploit, Third Party Advisory, VDB Entry
References () http://seclists.org/fulldisclosure/2015/Oct/57 - Exploit, Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2015/Oct/57 - Exploit, Mailing List, Third Party Advisory
References () https://www.exploit-db.com/exploits/38453/ - Exploit, Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/38453/ - Exploit, Third Party Advisory, VDB Entry

Information

Published : 2019-11-21 22:15

Updated : 2024-11-21 02:18


NVD link : CVE-2014-8356

Mitre link : CVE-2014-8356

CVE.ORG link : CVE-2014-8356


JSON object : View

Products Affected

dasanzhone

  • znid_2426a
  • znid_2426a_firmware
CWE
CWE-639

Authorization Bypass Through User-Controlled Key