Security Advisory

CVE-2014-8357

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-10-17 16:00:00

Last updated 2024-08-06 13:18:48

Assigner mitre

State PUBLISHED

Description

backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf.

← Browse all CVEs View on cve.org ↗