High severity8.8NVD Advisory· Published Oct 17, 2017· Updated Jun 17, 2026
CVE-2014-8357
CVE-2014-8357
Description
backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <S3.0.501
Patches
Vulnerability mechanics
References
4- packetstormsecurity.com/files/133921/Zhone-Insecure-Reference-Password-Disclosure-Command-Injection.htmlnvdExploitThird Party AdvisoryVDB Entry
- seclists.org/fulldisclosure/2015/Oct/57nvdExploitMailing ListThird Party Advisory
- www.exploit-db.com/exploits/38453/nvdExploitThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/536663/100/0/threadednvd
News mentions
0No linked articles in our index yet.