CVE-2015-8703

Published: Dec 30, 2015Modified: May 6, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248.

Affected (2)

Products: Zte: Zxhn H108n R1a Firmware, Zxv10 W300 Firmware

2 products

Zxhn H108n R1a Firmware

Zxv10 W300 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zte Zxhn H108n R1a Firmware	Up to zte.bhs.zxhnh108nr1a.h_pe

Running on/with	Platform Versions
Zte Zxhn H108n R1a	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zte Zxv10 W300 Firmware	Up to w300v1.0.0f_er1_pe

Running on/with	Platform Versions
Zte Zxv10 W300	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www.securityfocus.com/bid/77421

Source: cret@cert.org

https://www.kb.cert.org/vuls/id/391604

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/77421

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.kb.cert.org/vuls/id/391604

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://www.kb.cert.org/vuls/id/BLUU-9ZDJWA

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.