CVE-2024-22067

Published: Nov 18, 2024Modified: Mar 13, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands.

Affected (1)

Products: Zte: Nh8091 Firmware

Zte

1 product

Nh8091 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zte Nh8091 Firmware	Version znh8091v1.8

Running on/with	Platform Versions
Zte Nh8091	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/6179526095692935173

Source: psirt@zte.com.cn

Vendor Advisory

Timeline

No history available yet.