Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for ZXIN10-European region by ZTE

    CVE-2018-7364 (GCVE-0-2018-7364)

    Vulnerability from nvd – Published: 2018-12-07 00:00 – Updated: 2024-08-05 06:24
    VLAI
    Summary
    All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    zte
    Impacted products
    Vendor Product Version
    ZTE ZXIN10-European region Affected: unspecified , ≤ ZXINOS-RESV1.01.43 (custom)
    Create a notification for this product.
    Date Public
    2018-12-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:24:11.900Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-34f2-7h57-rg7p"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZXIN10-European region",
              "vendor": "ZTE",
              "versions": [
                {
                  "lessThanOrEqual": "ZXINOS-RESV1.01.43",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-12-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-25T00:00:00.000Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943"
            },
            {
              "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943"
            },
            {
              "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-34f2-7h57-rg7p"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2018-7364",
        "datePublished": "2018-12-07T00:00:00.000Z",
        "dateReserved": "2018-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:24:11.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7364 (GCVE-0-2018-7364)

    Vulnerability from cvelistv5 – Published: 2018-12-07 00:00 – Updated: 2024-08-05 06:24
    VLAI
    Summary
    All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    zte
    Impacted products
    Vendor Product Version
    ZTE ZXIN10-European region Affected: unspecified , ≤ ZXINOS-RESV1.01.43 (custom)
    Create a notification for this product.
    Date Public
    2018-12-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:24:11.900Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-34f2-7h57-rg7p"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZXIN10-European region",
              "vendor": "ZTE",
              "versions": [
                {
                  "lessThanOrEqual": "ZXINOS-RESV1.01.43",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-12-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-25T00:00:00.000Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943"
            },
            {
              "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943"
            },
            {
              "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-34f2-7h57-rg7p"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2018-7364",
        "datePublished": "2018-12-07T00:00:00.000Z",
        "dateReserved": "2018-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:24:11.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }