CVE-2024-22069

Published: Aug 8, 2024Modified: Aug 20, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

There is a permission and access control vulnerability of ZTE's ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords.

Affected (2)

Products: Zte: Zxv10 Et301 Firmware, Zxv10 Xt802 Firmware

Zte

2 products

Zxv10 Et301 Firmware

Zxv10 Xt802 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zte Zxv10 Et301 Firmware	Before v3.22.11p3

Running on/with	Platform Versions
Zte Zxv10 Et301	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zte Zxv10 Xt802 Firmware	Before v2.24.10p1

Running on/with	Platform Versions
Zte Zxv10 Xt802	All versions

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (1)

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1036424

Source: psirt@zte.com.cn

Vendor Advisory

Timeline

No history available yet.