CVE-2015-7257

Name of the Vulnerable Software and Affected Versions ZTE ADSL ZXV10 W300 modems versions W300V2.1.0f ER7 PE O57 through W300V2.1.0h ER7 PE O57

Description The issue allows remote authenticated non-administrator users to change the admin password. This is achieved by intercepting an outgoing password change request and modifying the username parameter from support to admin.

Recommendations For versions W300V2.1.0f ER7 PE O57 through W300V2.1.0h ER7 PE O57, as a temporary workaround, consider restricting access to the password change functionality to prevent unauthorized admin password changes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.