Search
Find a vulnerability
Search criteria
2 vulnerabilities found for ZXV10 XT802 by ZTE
CVE-2024-22069 (GCVE-0-2024-22069)
Vulnerability from nvd – Published: 2024-08-08 07:54 – Updated: 2024-08-08 13:07
VLAI
EPSS
VEX
Title
Permission and Access Control Vulnerability in ZXV10 XT802/ET301
Summary
There is a permission and access control vulnerability of ZTE's ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| ZTE | ZXV10 XT802 |
Affected:
All versions up to V2.24.10P1 , < V2.24.10P1
(custom)
|
|
| ZTE | ZXV10 ET301 |
Affected:
All versions up to V3.22.11P3 , < V3.22.11P3
(custom)
|
|
| zte | zxv10_et301_firmware |
Affected:
0 , < v3.22.11p3
(custom)
cpe:2.3:o:zte:zxv10_et301_firmware:*:*:*:*:*:*:*:* |
|
| zte | zxv10_xt802_firmware |
Affected:
0 , < v2.24.10p1
(custom)
cpe:2.3:o:zte:zxv10_xt802_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zte:zxv10_et301_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "zxv10_et301_firmware",
"vendor": "zte",
"versions": [
{
"lessThan": "v3.22.11p3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zte:zxv10_xt802_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "zxv10_xt802_firmware",
"vendor": "zte",
"versions": [
{
"lessThan": "v2.24.10p1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22069",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T13:02:00.504571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T13:07:14.051Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "ZXV10 XT802",
"vendor": "ZTE",
"versions": [
{
"lessThan": "V2.24.10P1",
"status": "affected",
"version": "All versions up to V2.24.10P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "ZXV10 ET301",
"vendor": "ZTE",
"versions": [
{
"lessThan": "V3.22.11P3",
"status": "affected",
"version": "All versions up to V3.22.11P3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is a permission and access control vulnerability of ZTE\u0027s ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords.\u003cbr\u003e"
}
],
"value": "There is a permission and access control vulnerability of ZTE\u0027s ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T07:54:50.319Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1036424"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ZXV10 XT802:V2.24.10P1 \u003cbr\u003eZXV10 ET301:V3.22.11P3"
}
],
"value": "ZXV10 XT802:V2.24.10P1 \nZXV10 ET301:V3.22.11P3"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Permission and Access Control Vulnerability in ZXV10 XT802/ET301",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2024-22069",
"datePublished": "2024-08-08T07:54:50.319Z",
"dateReserved": "2024-01-05T01:51:09.681Z",
"dateUpdated": "2024-08-08T13:07:14.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22069 (GCVE-0-2024-22069)
Vulnerability from cvelistv5 – Published: 2024-08-08 07:54 – Updated: 2024-08-08 13:07
VLAI
EPSS
VEX
Title
Permission and Access Control Vulnerability in ZXV10 XT802/ET301
Summary
There is a permission and access control vulnerability of ZTE's ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| ZTE | ZXV10 XT802 |
Affected:
All versions up to V2.24.10P1 , < V2.24.10P1
(custom)
|
|
| ZTE | ZXV10 ET301 |
Affected:
All versions up to V3.22.11P3 , < V3.22.11P3
(custom)
|
|
| zte | zxv10_et301_firmware |
Affected:
0 , < v3.22.11p3
(custom)
cpe:2.3:o:zte:zxv10_et301_firmware:*:*:*:*:*:*:*:* |
|
| zte | zxv10_xt802_firmware |
Affected:
0 , < v2.24.10p1
(custom)
cpe:2.3:o:zte:zxv10_xt802_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zte:zxv10_et301_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "zxv10_et301_firmware",
"vendor": "zte",
"versions": [
{
"lessThan": "v3.22.11p3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:zte:zxv10_xt802_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "zxv10_xt802_firmware",
"vendor": "zte",
"versions": [
{
"lessThan": "v2.24.10p1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22069",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T13:02:00.504571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T13:07:14.051Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "ZXV10 XT802",
"vendor": "ZTE",
"versions": [
{
"lessThan": "V2.24.10P1",
"status": "affected",
"version": "All versions up to V2.24.10P1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "ZXV10 ET301",
"vendor": "ZTE",
"versions": [
{
"lessThan": "V3.22.11P3",
"status": "affected",
"version": "All versions up to V3.22.11P3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is a permission and access control vulnerability of ZTE\u0027s ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords.\u003cbr\u003e"
}
],
"value": "There is a permission and access control vulnerability of ZTE\u0027s ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T07:54:50.319Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1036424"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ZXV10 XT802:V2.24.10P1 \u003cbr\u003eZXV10 ET301:V3.22.11P3"
}
],
"value": "ZXV10 XT802:V2.24.10P1 \nZXV10 ET301:V3.22.11P3"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Permission and Access Control Vulnerability in ZXV10 XT802/ET301",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2024-22069",
"datePublished": "2024-08-08T07:54:50.319Z",
"dateReserved": "2024-01-05T01:51:09.681Z",
"dateUpdated": "2024-08-08T13:07:14.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}