Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for zxmp_m721_firmware by zte

    CVE-2022-23141 (GCVE-0-2022-23141)

    Vulnerability from nvd – Published: 2022-07-15 14:44 – Updated: 2024-08-03 03:36
    VLAI
    Summary
    ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information.
    Severity
    No CVSS data available.
    CWE
    • information leak
    Assigner
    zte
    References
    Impacted products
    Vendor Product Version
    n/a ZXMP M721 Affected: COMMOND21BOOTV100004_LS1045
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:36:19.935Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZXMP M721",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "COMMOND21BOOTV100004_LS1045"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "information leak",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-15T14:44:50.000Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@zte.com.cn",
              "ID": "CVE-2022-23141",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZXMP M721",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "COMMOND21BOOTV100004_LS1045"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "information leak"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264",
                  "refsource": "MISC",
                  "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2022-23141",
        "datePublished": "2022-07-15T14:44:50.000Z",
        "dateReserved": "2022-01-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:36:19.935Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23139 (GCVE-0-2022-23139)

    Vulnerability from nvd – Published: 2022-05-12 19:26 – Updated: 2024-08-03 03:36
    VLAI
    Summary
    ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files.
    Severity
    No CVSS data available.
    CWE
    • permission and access control
    Assigner
    zte
    References
    Impacted products
    Vendor Product Version
    n/a ZXMP M721 Affected: V5.10.030.006
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:36:20.000Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZXMP M721",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "V5.10.030.006"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ZTE\u0027s ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It\u2019s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "permission and access control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T19:26:38.000Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@zte.com.cn",
              "ID": "CVE-2022-23139",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZXMP M721",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V5.10.030.006"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ZTE\u0027s ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It\u2019s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "permission and access control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444",
                  "refsource": "MISC",
                  "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2022-23139",
        "datePublished": "2022-05-12T19:26:38.000Z",
        "dateReserved": "2022-01-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:36:20.000Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23141 (GCVE-0-2022-23141)

    Vulnerability from cvelistv5 – Published: 2022-07-15 14:44 – Updated: 2024-08-03 03:36
    VLAI
    Summary
    ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information.
    Severity
    No CVSS data available.
    CWE
    • information leak
    Assigner
    zte
    References
    Impacted products
    Vendor Product Version
    n/a ZXMP M721 Affected: COMMOND21BOOTV100004_LS1045
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:36:19.935Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZXMP M721",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "COMMOND21BOOTV100004_LS1045"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "information leak",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-15T14:44:50.000Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@zte.com.cn",
              "ID": "CVE-2022-23141",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZXMP M721",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "COMMOND21BOOTV100004_LS1045"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "information leak"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264",
                  "refsource": "MISC",
                  "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2022-23141",
        "datePublished": "2022-07-15T14:44:50.000Z",
        "dateReserved": "2022-01-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:36:19.935Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23139 (GCVE-0-2022-23139)

    Vulnerability from cvelistv5 – Published: 2022-05-12 19:26 – Updated: 2024-08-03 03:36
    VLAI
    Summary
    ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files.
    Severity
    No CVSS data available.
    CWE
    • permission and access control
    Assigner
    zte
    References
    Impacted products
    Vendor Product Version
    n/a ZXMP M721 Affected: V5.10.030.006
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:36:20.000Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZXMP M721",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "V5.10.030.006"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ZTE\u0027s ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It\u2019s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "permission and access control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-12T19:26:38.000Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@zte.com.cn",
              "ID": "CVE-2022-23139",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZXMP M721",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V5.10.030.006"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ZTE\u0027s ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It\u2019s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "permission and access control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444",
                  "refsource": "MISC",
                  "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2022-23139",
        "datePublished": "2022-05-12T19:26:38.000Z",
        "dateReserved": "2022-01-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:36:20.000Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }