VYPR

Znid 2426a Firmware

by Zhone

CVEs (2)

  • CVE-2014-9118HigOct 17, 2017
    risk 0.64cvss 8.8epss 0.53

    The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd.

  • CVE-2014-8357HigOct 17, 2017
    risk 0.61cvss 8.8epss 0.05

    backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf.