Zhone zNID 2426A Wireless Router

Platform Information https://dasanzhone.com/product/znid-gpon-2400a-series/
Search Engine Search on Google
End of Sales -
End of Support -
Wired Connection Yes
Wireless Connection Yes
Fingerprinting Source HTTP NIC VENDOR
Added at Jan 08, 2019
Manufacturer Name DASAN Zhone Solutions, Inc.
Homepage https://dasanzhone.com/
Headquarters United States of America
Business Status Ongoing

Platform’s Common Vulnerabilities and Exposures (CVE)
CVE-ID
Severity v3.0
Severity v2.0
Description
CVE-2014-9118
10/17/2017
HIGH
HIGH
The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd.
CVE-2014-8357
10/17/2017
HIGH
MEDIUM
backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf.
Manufacturer’s Common Vulnerabilities and Exposures (CVE)
CVE-ID
Severity v3.0
Severity v2.0
Description
CVE-2014-9118
10/17/2017
HIGH
HIGH
The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd.
CVE-2014-8357
10/17/2017
HIGH
MEDIUM
backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf.