CVE-2018-7363

Published: Nov 16, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials.

Affected (1)

Products: Zte: Zxhn F670 Firmware

Zte

1 product

Zxhn F670 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zte Zxhn F670 Firmware	Before 1.1.10p3t18

Running on/with	Platform Versions
Zte Zxhn F670	All versions

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009383

Source: psirt@zte.com.cn

Vendor Advisory

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009383

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.