High severity7.5NVD Advisory· Published Aug 24, 2017· Updated May 13, 2026

CVE-2015-7257

Description

ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin".

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/134336/ZTE-ADSL-Authorization-Bypass-Information-Disclosure.htmlnvdThird Party AdvisoryVDB Entry
packetstormsecurity.com/files/134493/ZTE-ADSL-ZXV10-W300-Authorization-Disclosure-Backdoor.htmlnvdThird Party AdvisoryVDB Entry
seclists.org/fulldisclosure/2015/Nov/48nvdMailing ListThird Party Advisory
www.exploit-db.com/exploits/38772/nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.013
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000