Search criteria
4 vulnerabilities found for zxmp_m721_firmware by zte
CVE-2022-23141 (GCVE-0-2022-23141)
Vulnerability from nvd – Published: 2022-07-15 14:44 – Updated: 2024-08-03 03:36
VLAI?
Summary
ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information.
Severity ?
No CVSS data available.
CWE
- information leak
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:19.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZXMP M721",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "COMMOND21BOOTV100004_LS1045"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-15T14:44:50",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2022-23141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZXMP M721",
"version": {
"version_data": [
{
"version_value": "COMMOND21BOOTV100004_LS1045"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2022-23141",
"datePublished": "2022-07-15T14:44:50",
"dateReserved": "2022-01-11T00:00:00",
"dateUpdated": "2024-08-03T03:36:19.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23139 (GCVE-0-2022-23139)
Vulnerability from nvd – Published: 2022-05-12 19:26 – Updated: 2024-08-03 03:36
VLAI?
Summary
ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files.
Severity ?
No CVSS data available.
CWE
- permission and access control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZXMP M721",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V5.10.030.006"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZTE\u0027s ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It\u2019s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "permission and access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T19:26:38",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2022-23139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZXMP M721",
"version": {
"version_data": [
{
"version_value": "V5.10.030.006"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZTE\u0027s ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It\u2019s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "permission and access control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2022-23139",
"datePublished": "2022-05-12T19:26:38",
"dateReserved": "2022-01-11T00:00:00",
"dateUpdated": "2024-08-03T03:36:20.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23141 (GCVE-0-2022-23141)
Vulnerability from cvelistv5 – Published: 2022-07-15 14:44 – Updated: 2024-08-03 03:36
VLAI?
Summary
ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information.
Severity ?
No CVSS data available.
CWE
- information leak
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:19.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZXMP M721",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "COMMOND21BOOTV100004_LS1045"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-15T14:44:50",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2022-23141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZXMP M721",
"version": {
"version_data": [
{
"version_value": "COMMOND21BOOTV100004_LS1045"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2022-23141",
"datePublished": "2022-07-15T14:44:50",
"dateReserved": "2022-01-11T00:00:00",
"dateUpdated": "2024-08-03T03:36:19.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23139 (GCVE-0-2022-23139)
Vulnerability from cvelistv5 – Published: 2022-05-12 19:26 – Updated: 2024-08-03 03:36
VLAI?
Summary
ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files.
Severity ?
No CVSS data available.
CWE
- permission and access control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZXMP M721",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V5.10.030.006"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZTE\u0027s ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It\u2019s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "permission and access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T19:26:38",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2022-23139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZXMP M721",
"version": {
"version_data": [
{
"version_value": "V5.10.030.006"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZTE\u0027s ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It\u2019s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "permission and access control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444",
"refsource": "MISC",
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2022-23139",
"datePublished": "2022-05-12T19:26:38",
"dateReserved": "2022-01-11T00:00:00",
"dateUpdated": "2024-08-03T03:36:20.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}