CVE-2014-2321
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
11/03/2014
Last modified:
12/04/2025
Description
web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials.
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:h:zte:f460:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zte:f660:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.kb.cert.org/vuls/id/600724
- http://www.myxzy.com/post-411.html
- https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor
- http://www.kb.cert.org/vuls/id/600724
- http://www.myxzy.com/post-411.html
- https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor