The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/133921/Zhone-Insecure-Reference-Password-Disclosure-Command-Injection.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2015/Oct/57 | Exploit Mailing List Third Party Advisory |
https://www.exploit-db.com/exploits/38453/ | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/133921/Zhone-Insecure-Reference-Password-Disclosure-Command-Injection.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2015/Oct/57 | Exploit Mailing List Third Party Advisory |
https://www.exploit-db.com/exploits/38453/ | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 02:18
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/133921/Zhone-Insecure-Reference-Password-Disclosure-Command-Injection.html - Exploit, Third Party Advisory, VDB Entry | |
References | () http://seclists.org/fulldisclosure/2015/Oct/57 - Exploit, Mailing List, Third Party Advisory | |
References | () https://www.exploit-db.com/exploits/38453/ - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2019-11-21 22:15
Updated : 2024-11-21 02:18
NVD link : CVE-2014-8356
Mitre link : CVE-2014-8356
CVE.ORG link : CVE-2014-8356
JSON object : View
Products Affected
dasanzhone
- znid_2426a
- znid_2426a_firmware
CWE
CWE-639
Authorization Bypass Through User-Controlled Key