CVE-2014-2321

web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated...

Basic Information

CVE State: PUBLISHED
Reserved Date: March 10, 2014
Published Date: March 11, 2014
Last Updated: September 16, 2024
Vendor: ZTE
Product: F460 & F660
Description: web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials.
Tags

CVSS Scores

CVSS v2.0

10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS Score

Score: 90.03% (Percentile: 99.55%) as of 2025-06-14

Exploit Status

Exploited in the Wild: Yes (2025-05-31 00:00:00 UTC) Source

References

http://www.myxzy.com/post-411.html https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor http://www.kb.cert.org/vuls/id/600724

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-06-01 12:01:13 UTC

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2014/CVE-2014-2321.yaml	2025-04-26 00:00:00 UTC

Timeline

CVE ID Reserved

March 10, 2014
CVE Published to Public

March 11, 2014
Detected by Nuclei

April 26, 2025
Added to KEVIntel

June 01, 2025