Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
ZTE ZXHN H108N R1A and ZXV10 W300 routers suffer from path traversal, information disclosure, improper authorization, and hard-coded credential vulnerabilities.