CVE-2015-7255
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
29/08/2017
Last modified:
20/04/2025
Description
ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:zte:ox-330p_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zte:ox-330p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:zte:zxhn_h108n_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zte:zxhn_h108n:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:zte:w300v1.0.0s_zrd_tr1_d68_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zte:w300v1.0.0s_zrd_tr1_d68:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:zte:hg110_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zte:hg110:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:zte:gan9.8t101a-b_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zte:gan9.8t101a-b:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:zte:mf28g_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zte:mf28g:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:zte:zxhn_h108n_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zte:zxhn_h108n:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.kb.cert.org/vuls/id/566724
- https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93
- https://www.kb.cert.org/vuls/id/BLUU-A2NQYR
- http://www.kb.cert.org/vuls/id/566724
- https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93
- https://www.kb.cert.org/vuls/id/BLUU-A2NQYR