CVE-2018-7364

Published: Dec 7, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges.

Affected (1)

Products: Zte: Zxin10

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zte Zxin10	Before resv1.01.44

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (6)

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943

Source: psirt@zte.com.cn

Vendor Advisory

https://github.com/orangecertcc/security-research/security/advisories/GHSA-34f2-7h57-rg7p

Source: psirt@zte.com.cn

ExploitThird Party Advisory

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943

Source: psirt@zte.com.cn

Vendor Advisory

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://github.com/orangecertcc/security-research/security/advisories/GHSA-34f2-7h57-rg7p

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.