Search
Find a vulnerability
Search criteria
4 vulnerabilities found for zxa10_c300m_firmware by zte
CVE-2022-39070 (GCVE-0-2022-39070)
Vulnerability from nvd – Published: 2022-11-22 00:00 – Updated: 2025-04-29 04:29
VLAI
Summary
There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- access control vulnerability
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ZXA10 C3XX |
Affected:
All versions up to V2.1.0 XGP002.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:10:32.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1027824"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-39070",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T04:28:27.700796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T04:29:24.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ZXA10 C3XX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions up to V2.1.0 XGP002.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "access control vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-22T00:00:00.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1027824"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2022-39070",
"datePublished": "2022-11-22T00:00:00.000Z",
"dateReserved": "2022-08-31T00:00:00.000Z",
"dateUpdated": "2025-04-29T04:29:24.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21728 (GCVE-0-2021-21728)
Vulnerability from nvd – Published: 2021-04-09 17:23 – Updated: 2024-08-03 18:23
VLAI
Summary
A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker can consume system processing resources by flushing a large number of packets to the port, and successfully exploiting this vulnerability could reduce system processing capabilities. This affects: ZXA10 C300M all versions up to V4.3P8.
Severity
No CVSS data available.
CWE
- configuration error
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.zte.com.cn/support/news/LoopholeI… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ZXA10 C300M |
Affected:
all versions up to V4.3P8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:23:29.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014784"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZXA10 C300M",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all versions up to V4.3P8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker can consume system processing resources by flushing a large number of packets to the port, and successfully exploiting this vulnerability could reduce system processing capabilities. This affects: ZXA10 C300M all versions up to V4.3P8."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "configuration error",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-09T17:23:32.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014784"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2021-21728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZXA10 C300M",
"version": {
"version_data": [
{
"version_value": "all versions up to V4.3P8"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker can consume system processing resources by flushing a large number of packets to the port, and successfully exploiting this vulnerability could reduce system processing capabilities. This affects: ZXA10 C300M all versions up to V4.3P8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "configuration error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014784",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014784"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2021-21728",
"datePublished": "2021-04-09T17:23:32.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:23:29.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39070 (GCVE-0-2022-39070)
Vulnerability from cvelistv5 – Published: 2022-11-22 00:00 – Updated: 2025-04-29 04:29
VLAI
Summary
There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- access control vulnerability
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ZXA10 C3XX |
Affected:
All versions up to V2.1.0 XGP002.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:10:32.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1027824"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-39070",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T04:28:27.700796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T04:29:24.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ZXA10 C3XX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions up to V2.1.0 XGP002.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "access control vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-22T00:00:00.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1027824"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2022-39070",
"datePublished": "2022-11-22T00:00:00.000Z",
"dateReserved": "2022-08-31T00:00:00.000Z",
"dateUpdated": "2025-04-29T04:29:24.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21728 (GCVE-0-2021-21728)
Vulnerability from cvelistv5 – Published: 2021-04-09 17:23 – Updated: 2024-08-03 18:23
VLAI
Summary
A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker can consume system processing resources by flushing a large number of packets to the port, and successfully exploiting this vulnerability could reduce system processing capabilities. This affects: ZXA10 C300M all versions up to V4.3P8.
Severity
No CVSS data available.
CWE
- configuration error
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.zte.com.cn/support/news/LoopholeI… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ZXA10 C300M |
Affected:
all versions up to V4.3P8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:23:29.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014784"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZXA10 C300M",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all versions up to V4.3P8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker can consume system processing resources by flushing a large number of packets to the port, and successfully exploiting this vulnerability could reduce system processing capabilities. This affects: ZXA10 C300M all versions up to V4.3P8."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "configuration error",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-09T17:23:32.000Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014784"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2021-21728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZXA10 C300M",
"version": {
"version_data": [
{
"version_value": "all versions up to V4.3P8"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker can consume system processing resources by flushing a large number of packets to the port, and successfully exploiting this vulnerability could reduce system processing capabilities. This affects: ZXA10 C300M all versions up to V4.3P8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "configuration error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014784",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014784"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2021-21728",
"datePublished": "2021-04-09T17:23:32.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:23:29.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}