Search criteria
2 vulnerabilities found for ZXIN10-European region by ZTE
CVE-2018-7364 (GCVE-0-2018-7364)
Vulnerability from nvd – Published: 2018-12-07 00:00 – Updated: 2024-08-05 06:24
VLAI
Summary
All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges.
Severity
8.3 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ZTE | ZXIN10-European region |
Affected:
unspecified , ≤ ZXINOS-RESV1.01.43
(custom)
|
Date Public
2018-12-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-34f2-7h57-rg7p"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZXIN10-European region",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "ZXINOS-RESV1.01.43",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-12-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-25T00:00:00.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943"
},
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943"
},
{
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-34f2-7h57-rg7p"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2018-7364",
"datePublished": "2018-12-07T00:00:00.000Z",
"dateReserved": "2018-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:24:11.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7364 (GCVE-0-2018-7364)
Vulnerability from cvelistv5 – Published: 2018-12-07 00:00 – Updated: 2024-08-05 06:24
VLAI
Summary
All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges.
Severity
8.3 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ZTE | ZXIN10-European region |
Affected:
unspecified , ≤ ZXINOS-RESV1.01.43
(custom)
|
Date Public
2018-12-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-34f2-7h57-rg7p"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZXIN10-European region",
"vendor": "ZTE",
"versions": [
{
"lessThanOrEqual": "ZXINOS-RESV1.01.43",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-12-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-25T00:00:00.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943"
},
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943"
},
{
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-34f2-7h57-rg7p"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2018-7364",
"datePublished": "2018-12-07T00:00:00.000Z",
"dateReserved": "2018-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:24:11.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}