CVE-2015-7259

Name of the Vulnerable Software and Affected Versions ZTE ADSL ZXV10 W300 modems versions W300V2.1.0f ER7 PE O57 through W300V2.1.0h ER7 PE O57

Description The issue allows user accounts to have multiple valid username and password pairs. This enables remote authenticated users to login to a target account via any of its username and password pairs.

Recommendations For versions W300V2.1.0f ER7 PE O57 through W300V2.1.0h ER7 PE O57, consider restricting access to user accounts to minimize the risk of exploitation by ensuring each account has a unique username and password pair. At the moment, there is no information about a newer version that contains a fix for this vulnerability.