Znid 2426a Firmware
by Dasanzhone
CVEs (2)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-9118 | Hig | 0.64 | 8.8 | 0.52 | Oct 17, 2017 | The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. | |
| CVE-2014-8357 | Hig | 0.62 | 8.8 | 0.18 | Oct 17, 2017 | backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf. |