CVE-2017-10930

Published: Sep 19, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords.

Affected (4)

Products: Zte: Zxr10 1800 2s Firmware, Zxr10 2800 4 Firmware, Zxr10 3800 8 Firmware, Zxr10 160 Firmware

Zte

4 products

Zxr10 1800 2s Firmware

Zxr10 2800 4 Firmware

Zxr10 3800 8 Firmware

Zxr10 160 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zte Zxr10 1800 2s Firmware	Before 3.00.40

Running on/with	Platform Versions
Zte Zxr10 1800 2s	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zte Zxr10 2800 4 Firmware	Before 3.00.40

Running on/with	Platform Versions
Zte Zxr10 2800 4	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zte Zxr10 3800 8 Firmware	Before 3.00.40

Running on/with	Platform Versions
Zte Zxr10 3800 8	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zte Zxr10 160 Firmware	Before 3.00.40

Running on/with	Platform Versions
Zte Zxr10 160	All versions

Related CWEs

CWE-552

Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

References (2)

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262

Source: psirt@zte.com.cn

Permissions Required

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.