ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0.
Software | From | Fixed in |
---|---|---|
zte / zxv10_w300_firmware | w300v1.0.0a_zrd_lk | w300v1.0.0a_zrd_lk.x |