Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for zxr10_2800-4_firmware by zte

    CVE-2024-22066 (GCVE-0-2024-22066)

    Vulnerability from nvd – Published: 2024-10-29 09:03 – Updated: 2024-10-29 15:06
    VLAI
    Summary
    There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-294 - Authentication Bypass by Capture-replay
    Assigner
    zte
    Impacted products
    Vendor Product Version
    ZTE ZXR10 1800-2S Affected: ZSRV2 V3.00.40 (custom)
    Create a notification for this product.
    zte zxr10_1800-2s_firmware Affected: 3.00.40
        cpe:2.3:o:zte:zxr10_1800-2s_firmware:3.00.40:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:zte:zxr10_1800-2s_firmware:3.00.40:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "zxr10_1800-2s_firmware",
                "vendor": "zte",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.00.40"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22066",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-29T14:38:31.925588Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-29T15:06:23.937Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "Linux",
                "ARM",
                "64 bit"
              ],
              "product": "ZXR10 1800-2S",
              "vendor": "ZTE",
              "versions": [
                {
                  "status": "affected",
                  "version": "ZSRV2 V3.00.40",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            },
            {
              "capecId": "CAPEC-155",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-155 Screen Temporary Files for Sensitive Information"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-294",
                  "description": "CWE-294 Authentication Bypass by Capture-replay",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-29T09:03:36.687Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1171513586716225590"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2024-22066",
        "datePublished": "2024-10-29T09:03:36.687Z",
        "dateReserved": "2024-01-05T01:51:09.681Z",
        "dateUpdated": "2024-10-29T15:06:23.937Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22068 (GCVE-0-2024-22068)

    Vulnerability from nvd – Published: 2024-10-10 08:51 – Updated: 2024-10-10 13:38
    VLAI
    Title
    Weak Password Vulnerability in ZTE ZSR V2 Intelligent Multi Service Router
    Summary
    Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    zte
    Impacted products
    Vendor Product Version
    ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series Affected: V4.00.10 and earlier (custom)
    Create a notification for this product.
    zte zxr10_3800-8_firmware Affected: 0 , ≤ v4.00.10 (custom)
        cpe:2.3:o:zte:zxr10_160_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:zte:zxr10_1800-2s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:zte:zxr10_2800-4_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:zte:zxr10_3800-8_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:zte:zxr10_160_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:zte:zxr10_1800-2s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:zte:zxr10_2800-4_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:zte:zxr10_3800-8_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "zxr10_3800-8_firmware",
                "vendor": "zte",
                "versions": [
                  {
                    "lessThanOrEqual": "v4.00.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22068",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-10T13:29:12.877833Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-10T13:38:50.810Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit"
              ],
              "product": "ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series",
              "vendor": "ZTE",
              "versions": [
                {
                  "status": "affected",
                  "version": "V4.00.10 and earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.\u003cp\u003eThis issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier.\u003c/p\u003e"
                }
              ],
              "value": "Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-554",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-554 Functionality Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-10T08:51:35.299Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/5359853646778130472"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Weak Password Vulnerability in ZTE ZSR V2 Intelligent Multi Service Router",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2024-22068",
        "datePublished": "2024-10-10T08:51:35.299Z",
        "dateReserved": "2024-01-05T01:51:09.681Z",
        "dateUpdated": "2024-10-10T13:38:50.810Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10931 (GCVE-0-2017-10931)

    Vulnerability from nvd – Published: 2017-09-19 14:00 – Updated: 2024-09-17 03:37
    VLAI
    Summary
    The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration.
    Severity
    No CVSS data available.
    CWE
    • Path Traversal
    Assigner
    zte
    References
    Impacted products
    Vendor Product Version
    ZTE ZX10 1800-2S Affected: All versions prior to V3.00.40
    Create a notification for this product.
    Date Public
    2017-08-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.806Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZX10 1800-2S",
              "vendor": "ZTE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to V3.00.40"
                }
              ]
            }
          ],
          "datePublic": "2017-08-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-19T13:57:01.000Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@zte.com.cn",
              "DATE_PUBLIC": "2017-08-10T00:00:00",
              "ID": "CVE-2017-10931",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZX10 1800-2S",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to V3.00.40"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ZTE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Path Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262",
                  "refsource": "MISC",
                  "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2017-10931",
        "datePublished": "2017-09-19T14:00:00.000Z",
        "dateReserved": "2017-07-05T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:37:33.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10930 (GCVE-0-2017-10930)

    Vulnerability from nvd – Published: 2017-09-19 14:00 – Updated: 2024-09-16 17:33
    VLAI
    Summary
    The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords.
    Severity
    No CVSS data available.
    CWE
    • Improper Access Control
    Assigner
    zte
    References
    Impacted products
    Vendor Product Version
    ZTE ZX10 1800-2S Affected: All versions prior to V3.00.40
    Create a notification for this product.
    Date Public
    2017-08-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.900Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZX10 1800-2S",
              "vendor": "ZTE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to V3.00.40"
                }
              ]
            }
          ],
          "datePublic": "2017-08-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-19T13:57:01.000Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@zte.com.cn",
              "DATE_PUBLIC": "2017-08-10T00:00:00",
              "ID": "CVE-2017-10930",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZX10 1800-2S",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to V3.00.40"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ZTE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262",
                  "refsource": "MISC",
                  "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2017-10930",
        "datePublished": "2017-09-19T14:00:00.000Z",
        "dateReserved": "2017-07-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:33:43.111Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22066 (GCVE-0-2024-22066)

    Vulnerability from cvelistv5 – Published: 2024-10-29 09:03 – Updated: 2024-10-29 15:06
    VLAI
    Summary
    There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-294 - Authentication Bypass by Capture-replay
    Assigner
    zte
    Impacted products
    Vendor Product Version
    ZTE ZXR10 1800-2S Affected: ZSRV2 V3.00.40 (custom)
    Create a notification for this product.
    zte zxr10_1800-2s_firmware Affected: 3.00.40
        cpe:2.3:o:zte:zxr10_1800-2s_firmware:3.00.40:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:zte:zxr10_1800-2s_firmware:3.00.40:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "zxr10_1800-2s_firmware",
                "vendor": "zte",
                "versions": [
                  {
                    "status": "affected",
                    "version": "3.00.40"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22066",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-29T14:38:31.925588Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-29T15:06:23.937Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "Linux",
                "ARM",
                "64 bit"
              ],
              "product": "ZXR10 1800-2S",
              "vendor": "ZTE",
              "versions": [
                {
                  "status": "affected",
                  "version": "ZSRV2 V3.00.40",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            },
            {
              "capecId": "CAPEC-155",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-155 Screen Temporary Files for Sensitive Information"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-294",
                  "description": "CWE-294 Authentication Bypass by Capture-replay",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-29T09:03:36.687Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1171513586716225590"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2024-22066",
        "datePublished": "2024-10-29T09:03:36.687Z",
        "dateReserved": "2024-01-05T01:51:09.681Z",
        "dateUpdated": "2024-10-29T15:06:23.937Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22068 (GCVE-0-2024-22068)

    Vulnerability from cvelistv5 – Published: 2024-10-10 08:51 – Updated: 2024-10-10 13:38
    VLAI
    Title
    Weak Password Vulnerability in ZTE ZSR V2 Intelligent Multi Service Router
    Summary
    Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    zte
    Impacted products
    Vendor Product Version
    ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series Affected: V4.00.10 and earlier (custom)
    Create a notification for this product.
    zte zxr10_3800-8_firmware Affected: 0 , ≤ v4.00.10 (custom)
        cpe:2.3:o:zte:zxr10_160_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:zte:zxr10_1800-2s_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:zte:zxr10_2800-4_firmware:*:*:*:*:*:*:*:*
        cpe:2.3:o:zte:zxr10_3800-8_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:zte:zxr10_160_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:zte:zxr10_1800-2s_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:zte:zxr10_2800-4_firmware:*:*:*:*:*:*:*:*",
                  "cpe:2.3:o:zte:zxr10_3800-8_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "zxr10_3800-8_firmware",
                "vendor": "zte",
                "versions": [
                  {
                    "lessThanOrEqual": "v4.00.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22068",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-10T13:29:12.877833Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-10T13:38:50.810Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit"
              ],
              "product": "ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series",
              "vendor": "ZTE",
              "versions": [
                {
                  "status": "affected",
                  "version": "V4.00.10 and earlier",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.\u003cp\u003eThis issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier.\u003c/p\u003e"
                }
              ],
              "value": "Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-554",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-554 Functionality Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-10T08:51:35.299Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/5359853646778130472"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Weak Password Vulnerability in ZTE ZSR V2 Intelligent Multi Service Router",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2024-22068",
        "datePublished": "2024-10-10T08:51:35.299Z",
        "dateReserved": "2024-01-05T01:51:09.681Z",
        "dateUpdated": "2024-10-10T13:38:50.810Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10930 (GCVE-0-2017-10930)

    Vulnerability from cvelistv5 – Published: 2017-09-19 14:00 – Updated: 2024-09-16 17:33
    VLAI
    Summary
    The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords.
    Severity
    No CVSS data available.
    CWE
    • Improper Access Control
    Assigner
    zte
    References
    Impacted products
    Vendor Product Version
    ZTE ZX10 1800-2S Affected: All versions prior to V3.00.40
    Create a notification for this product.
    Date Public
    2017-08-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.900Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZX10 1800-2S",
              "vendor": "ZTE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to V3.00.40"
                }
              ]
            }
          ],
          "datePublic": "2017-08-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-19T13:57:01.000Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@zte.com.cn",
              "DATE_PUBLIC": "2017-08-10T00:00:00",
              "ID": "CVE-2017-10930",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZX10 1800-2S",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to V3.00.40"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ZTE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262",
                  "refsource": "MISC",
                  "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2017-10930",
        "datePublished": "2017-09-19T14:00:00.000Z",
        "dateReserved": "2017-07-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:33:43.111Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10931 (GCVE-0-2017-10931)

    Vulnerability from cvelistv5 – Published: 2017-09-19 14:00 – Updated: 2024-09-17 03:37
    VLAI
    Summary
    The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration.
    Severity
    No CVSS data available.
    CWE
    • Path Traversal
    Assigner
    zte
    References
    Impacted products
    Vendor Product Version
    ZTE ZX10 1800-2S Affected: All versions prior to V3.00.40
    Create a notification for this product.
    Date Public
    2017-08-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:50:12.806Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ZX10 1800-2S",
              "vendor": "ZTE",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to V3.00.40"
                }
              ]
            }
          ],
          "datePublic": "2017-08-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-19T13:57:01.000Z",
            "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
            "shortName": "zte"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@zte.com.cn",
              "DATE_PUBLIC": "2017-08-10T00:00:00",
              "ID": "CVE-2017-10931",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ZX10 1800-2S",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to V3.00.40"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ZTE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Path Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262",
                  "refsource": "MISC",
                  "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "assignerShortName": "zte",
        "cveId": "CVE-2017-10931",
        "datePublished": "2017-09-19T14:00:00.000Z",
        "dateReserved": "2017-07-05T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:37:33.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }