Default Password Being Used (CVE-2014-4018)
In ZTE routers the username is a constant which is “admin” and the password by default is “admin”
ROM-0 Backup File Disclosure (CVE-2014-4019)
There is a rom-0 backup file contains sensitive information such as the passwords. There is a disclosure in which anyone can download that file without any authentication by a simple GET request.
http://192.168.1.1/rom-0
