Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for ZXMP M721 by ZTE

    CVE-2025-46582 (GCVE-0-2025-46582)

    Vulnerability from nvd – Published: 2025-10-27 08:44 – Updated: 2025-10-27 15:58
    VLAI
    Title
    Private Key Disclosure Vulnerability in ZTE ZXMP M721 Product
    Summary
    A private key disclosure vulnerability exists in ZTE's ZXMP M721 product. A low-privileged user can bypass authorization checks to view the device's communication private key, resulting in key exposure and impacting communication security.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-321 - Use of Hard-coded Cryptographic Key
    Assigner
    zte
    Impacted products
    Vendor Product Version
    ZTE ZXMP M721 Affected: ZXMPM721V5.30.020.001P01
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46582",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-27T15:58:07.247059Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-27T15:58:25.984Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ZXMP M721",
              "vendor": "ZTE",
              "versions": [
                {
                  "status": "affected",
                  "version": "ZXMPM721V5.30.020.001P01"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:zte:zxmp_m721:zxmpm721v5.30.020.001p01:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA private key disclosure vulnerability exists in ZTE\u0027s ZXMP M721 product. A low-privileged user can bypass authorization checks to view the device\u0027s communication private key, resulting in key exposure and impacting communication security.\u003c/p\u003e"
                }
              ],
              "value": "A private key disclosure vulnerability exists in ZTE\u0027s ZXMP M721 product. A low-privileged user can bypass authorization checks to view the device\u0027s communication private key, resulting in key exposure and impacting communication security."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-94",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-94 Adversary in the Middle (AiTM)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321: Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-27T08:44:49.704Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/2594779029512220847"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Private Key Disclosure Vulnerability in ZTE ZXMP M721 Product",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2025-46582",
        "datePublished": "2025-10-27T08:44:49.704Z",
        "dateReserved": "2025-04-25T00:28:13.909Z",
        "dateUpdated": "2025-10-27T15:58:25.984Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46582 (GCVE-0-2025-46582)

    Vulnerability from cvelistv5 – Published: 2025-10-27 08:44 – Updated: 2025-10-27 15:58
    VLAI
    Title
    Private Key Disclosure Vulnerability in ZTE ZXMP M721 Product
    Summary
    A private key disclosure vulnerability exists in ZTE's ZXMP M721 product. A low-privileged user can bypass authorization checks to view the device's communication private key, resulting in key exposure and impacting communication security.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-321 - Use of Hard-coded Cryptographic Key
    Assigner
    zte
    Impacted products
    Vendor Product Version
    ZTE ZXMP M721 Affected: ZXMPM721V5.30.020.001P01
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46582",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-27T15:58:07.247059Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-27T15:58:25.984Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ZXMP M721",
              "vendor": "ZTE",
              "versions": [
                {
                  "status": "affected",
                  "version": "ZXMPM721V5.30.020.001P01"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:zte:zxmp_m721:zxmpm721v5.30.020.001p01:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA private key disclosure vulnerability exists in ZTE\u0027s ZXMP M721 product. A low-privileged user can bypass authorization checks to view the device\u0027s communication private key, resulting in key exposure and impacting communication security.\u003c/p\u003e"
                }
              ],
              "value": "A private key disclosure vulnerability exists in ZTE\u0027s ZXMP M721 product. A low-privileged user can bypass authorization checks to view the device\u0027s communication private key, resulting in key exposure and impacting communication security."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-94",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-94 Adversary in the Middle (AiTM)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321: Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-27T08:44:49.704Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/2594779029512220847"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Private Key Disclosure Vulnerability in ZTE ZXMP M721 Product",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2025-46582",
        "datePublished": "2025-10-27T08:44:49.704Z",
        "dateReserved": "2025-04-25T00:28:13.909Z",
        "dateUpdated": "2025-10-27T15:58:25.984Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-202205-1037

    Vulnerability from variot - Updated: 2024-11-23 22:54

    ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files. ZTE of zxmp m721 An incorrect authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ZTE ZXMP M721 is a metro edge OTN (Optical Transport Network) device of China ZTE Corporation (ZTE). Attackers can use this vulnerability to obtain higher permissions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202205-1037",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "zxmp m721",
            "scope": null,
            "trust": 1.4,
            "vendor": "zte",
            "version": null
          },
          {
            "model": "zxmp m721",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "zte",
            "version": "5.10.030.006"
          },
          {
            "model": "zxmp m721",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "zte",
            "version": "zxmp m721  firmware  5.10.030.006"
          },
          {
            "model": "zxmp m721",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "zte",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-47340"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009667"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23139"
          }
        ]
      },
      "cve": "CVE-2022-23139",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2022-23139",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2022-47340",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2022-23139",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-23139",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-23139",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-23139",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-47340",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202205-3191",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-23139",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-47340"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23139"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009667"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-3191"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23139"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ZTE\u0027s ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It\u2019s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files. ZTE of zxmp m721 An incorrect authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ZTE ZXMP M721 is a metro edge OTN (Optical Transport Network) device of China ZTE Corporation (ZTE). Attackers can use this vulnerability to obtain higher permissions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-23139"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009667"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-47340"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23139"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-23139",
            "trust": 3.9
          },
          {
            "db": "ZTE",
            "id": "1024444",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009667",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-47340",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022051602",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-3191",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23139",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-47340"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23139"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009667"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-3191"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23139"
          }
        ]
      },
      "id": "VAR-202205-1037",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-47340"
          }
        ],
        "trust": 1.2
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-47340"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:54:35.160000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for ZTE ZXMP M721 Permission and Access Control Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/337201"
          },
          {
            "title": "ZTE ZXMP M721 Fixes for permissions and access control issues vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193155"
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-23305 "
          },
          {
            "title": "CVE-2022-XXXX",
            "trust": 0.1,
            "url": "https://github.com/AlphabugX/CVE-2022-RCE "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-47340"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23139"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-3191"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-863",
            "trust": 1.0
          },
          {
            "problemtype": "Illegal authentication (CWE-863) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009667"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23139"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1024444"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23139"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022051602"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-23139/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/863.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/alphabugx/cve-2022-23305"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-47340"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23139"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009667"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-3191"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23139"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-47340"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23139"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009667"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-3191"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23139"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-06-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-47340"
          },
          {
            "date": "2022-05-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-23139"
          },
          {
            "date": "2023-08-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-009667"
          },
          {
            "date": "2022-05-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202205-3191"
          },
          {
            "date": "2022-05-12T20:15:15.183000",
            "db": "NVD",
            "id": "CVE-2022-23139"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-06-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-47340"
          },
          {
            "date": "2022-05-23T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-23139"
          },
          {
            "date": "2023-08-07T08:15:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-009667"
          },
          {
            "date": "2022-05-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202205-3191"
          },
          {
            "date": "2024-11-21T06:48:05.017000",
            "db": "NVD",
            "id": "CVE-2022-23139"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-3191"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ZTE\u00a0 of \u00a0zxmp\u00a0m721\u00a0 Fraudulent Authentication Vulnerability in Firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-009667"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202205-3191"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202207-0969

    Vulnerability from variot - Updated: 2024-08-14 14:55

    ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information. ZTE of zxmp m721 Firmware contains an information disclosure vulnerability from log files.Information may be obtained. ZTE ZXMP M721 is a metro edge OTN (Optical Transport Network) equipment of China ZTE Corporation (ZTE)

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0969",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "zxmp m721",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "zte",
            "version": "commond21bootv100004_ls1045"
          },
          {
            "model": "zxmp m721",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "zte",
            "version": null
          },
          {
            "model": "zxmp m721",
            "scope": null,
            "trust": 0.8,
            "vendor": "zte",
            "version": null
          },
          {
            "model": "zxmp m721",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "zte",
            "version": "zxmp m721  firmware  commond21bootv100004 ls1045"
          },
          {
            "model": "zxmp m721 commond21bootv100004 ls1045",
            "scope": null,
            "trust": 0.6,
            "vendor": "zte",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-09678"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013456"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23141"
          }
        ]
      },
      "cve": "CVE-2022-23141",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-09678",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-23141",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-23141",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-23141",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-23141",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-09678",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202207-1361",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-09678"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013456"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-1361"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23141"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information. ZTE of zxmp m721 Firmware contains an information disclosure vulnerability from log files.Information may be obtained. ZTE ZXMP M721 is a metro edge OTN (Optical Transport Network) equipment of China ZTE Corporation (ZTE)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-23141"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013456"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-09678"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23141"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-23141",
            "trust": 3.9
          },
          {
            "db": "ZTE",
            "id": "1025264",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013456",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-09678",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-1361",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23141",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-09678"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23141"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013456"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-1361"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23141"
          }
        ]
      },
      "id": "VAR-202207-0969",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-09678"
          }
        ],
        "trust": 1.4
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-09678"
          }
        ]
      },
      "last_update_date": "2024-08-14T14:55:23.891000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for ZTE ZXMP M721 Information Disclosure Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/379151"
          },
          {
            "title": "ZTE ZXMP M721 Repair measures for log information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=201220"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-09678"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-1361"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-532",
            "trust": 1.0
          },
          {
            "problemtype": "Information leakage from log files (CWE-532) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013456"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23141"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1025264"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23141"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-23141/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-09678"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23141"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013456"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-1361"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23141"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-09678"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-23141"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013456"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-1361"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-23141"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-09678"
          },
          {
            "date": "2022-07-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-23141"
          },
          {
            "date": "2023-09-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-013456"
          },
          {
            "date": "2022-07-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202207-1361"
          },
          {
            "date": "2022-07-15T15:15:08.097000",
            "db": "NVD",
            "id": "CVE-2022-23141"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-02-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-09678"
          },
          {
            "date": "2022-07-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-23141"
          },
          {
            "date": "2023-09-07T08:27:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-013456"
          },
          {
            "date": "2022-07-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202207-1361"
          },
          {
            "date": "2022-07-22T16:24:27.390000",
            "db": "NVD",
            "id": "CVE-2022-23141"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-1361"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ZTE\u00a0 of \u00a0zxmp\u00a0m721\u00a0 Vulnerability related to information disclosure from log files in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-013456"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "log information leak",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-1361"
          }
        ],
        "trust": 0.6
      }
    }