Main Vulnerability Database Vulnerabilities #VU58147

#VU58147 Permissions, Privileges, and Access Controls in F460 and F660 - CVE-2014-2321

Published: November 15, 2021 / Updated: August 14, 2022

Vulnerability identifier: #VU58147

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2014-2321

CWE-ID: CWE-264

Exploitation vector: Adjecent network

Exploit availability: Public exploit is available

Vulnerable software:
F460
F660

Software vendor:
ZTE

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in the web_shell_cmd.gch script. A remote attacker on the local network can gain elevated privileges on the target system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

http://www.kb.cert.org/vuls/id/600724
http://www.myxzy.com/post-411.html
https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor

#VU58147 Permissions, Privileges, and Access Controls in F460 and F660 - CVE-2014-2321

Description

Remediation

External links

Please verify you're human