CVE-2017-10935
All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products allow remote authenticated users to bypass the original password authentication protection to change other user’s password.
Date published : 2018-07-25
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008723