CVE-2022-39070

Published: Nov 22, 2022Modified: Apr 29, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation.

Affected (2)

Products: Zte: Zxa10 C350m Firmware, Zxa10 C300m Firmware

Zte

2 products

Zxa10 C350m Firmware

Zxa10 C300m Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zte Zxa10 C350m Firmware	From 2.1.0 to 2.1.0xgp002.4

Running on/with	Platform Versions
Zte Zxa10 C350m	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zte Zxa10 C300m Firmware	From 2.1.0 to 2.1.0xgp002.4

Running on/with	Platform Versions
Zte Zxa10 C300m	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1027824

Source: psirt@zte.com.cn

Vendor Advisory

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1027824

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.