7.5
CVE-2015-7255
- EPSS 0.8%
- Published 29.08.2017 15:29:00
- Last modified 20.04.2025 01:37:25
- Source cret@cert.org
- Teams watchlist Login
- Open Login
ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.
Data is provided by the National Vulnerability Database (NVD)
Zte ≫ Ox-330p Firmware Version-
Zte ≫ Zxhn H108n Firmware Version-
Zte ≫ W300v1.0.0s Zrd Tr1 D68 Firmware Version-
Zte ≫ Hg110 Firmware Version-
Zte ≫ Gan9.8t101a-b Firmware Version-
Zte ≫ Mf28g Firmware Version-
Zte ≫ Zxhn H108n Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.8% | 0.719 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.