Main Vulnerability Database SB2014031120

SB2014031120 - Privilege escalation in ZTE F460 and F660

Published: March 11, 2014 Updated: August 14, 2022

Security Bulletin ID SB2014031120

Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2014-2321)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in the web_shell_cmd.gch script. A remote attacker on the local network can gain elevated privileges on the target system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

http://www.kb.cert.org/vuls/id/600724
http://www.myxzy.com/post-411.html
https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor