Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Znid_2426a_firmware
(Dasanzhone)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-11-21 | CVE-2014-8356 | The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference. | Znid_2426a_firmware | N/A | ||
| 2017-10-17 | CVE-2014-9118 | The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. | Znid_2426a_firmware | 8.8 | ||
| 2017-10-17 | CVE-2014-8357 | backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf. | Znid_2426a_firmware | 8.8 |