Vulnerability-Lookup

CVE-2022-23141 (GCVE-0-2022-23141)

Vulnerability from cvelistv5 – Published: 2022-07-15 14:44 – Updated: 2024-08-03 03:36

Summary

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

information leak

Assigner

zte

References

1 reference

URL	Tags
https://support.zte.com.cn/support/news/LoopholeI…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	ZXMP M721	Affected: COMMOND21BOOTV100004_LS1045

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:36:19.935Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ZXMP M721",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "COMMOND21BOOTV100004_LS1045"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "information leak",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-15T14:44:50.000Z",
        "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "shortName": "zte"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@zte.com.cn",
          "ID": "CVE-2022-23141",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ZXMP M721",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "COMMOND21BOOTV100004_LS1045"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "information leak"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264",
              "refsource": "MISC",
              "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
    "assignerShortName": "zte",
    "cveId": "CVE-2022-23141",
    "datePublished": "2022-07-15T14:44:50.000Z",
    "dateReserved": "2022-01-11T00:00:00.000Z",
    "dateUpdated": "2024-08-03T03:36:19.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-23141",
      "date": "2026-06-29",
      "epss": "0.00663",
      "percentile": "0.47079"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-23141\",\"sourceIdentifier\":\"psirt@zte.com.cn\",\"published\":\"2022-07-15T15:15:08.097\",\"lastModified\":\"2026-06-17T04:29:35.307\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information.\"},{\"lang\":\"es\",\"value\":\"ZXMP M721 presenta una vulnerabilidad de filtrado de informaci\u00f3n. Dado que la autenticaci\u00f3n del puerto serie en la interfaz ZBOOT no es efectiva aunque est\u00e9 habilitada, un atacante podr\u00eda usar esta vulnerabilidad para iniciar sesi\u00f3n en el dispositivo y obtener informaci\u00f3n confidencial\"}],\"affected\":[{\"source\":\"psirt@zte.com.cn\",\"affectedData\":[{\"vendor\":\"n/a\",\"product\":\"ZXMP M721\",\"versions\":[{\"version\":\"COMMOND21BOOTV100004_LS1045\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:zxmp_m721_firmware:commond21bootv100004_ls1045:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB41C198-1156-4112-96C5-AC9B1026B46B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:zxmp_m721:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEC586E9-E8FA-4988-8CD0-334A1F73BC61\"}]}]}],\"references\":[{\"url\":\"https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264\",\"source\":\"psirt@zte.com.cn\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2023-09678

Vulnerability from cnvd - Published: 2023-02-17

Title

ZTE ZXMP M721信息泄露漏洞

Description

ZTE ZXMP M721是中国中兴通讯（ZTE）公司的一款城域边缘OTN（光传送网）设备。 ZTE ZXMP M721 commond21bootv100004_ls1045版本存在信息泄露漏洞，该漏洞源于ZBOOT接口的串口认证虽然开启，但并未生效，攻击者可利用漏洞登录设备获取敏感信息。

Severity

高

Patch Name

ZTE ZXMP M721信息泄露漏洞的补丁

Patch Description

ZTE ZXMP M721是中国中兴通讯（ZTE）公司的一款城域边缘OTN（光传送网）设备。 ZTE ZXMP M721 commond21bootv100004_ls1045版本存在信息泄露漏洞，该漏洞源于ZBOOT接口的串口认证虽然开启，但并未生效，攻击者可利用漏洞登录设备获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264

Reference

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264

Impacted products

Name
ZTE ZTE ZXMP M721 commond21bootv100004_ls1045

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-23141",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-23141"
    }
  },
  "description": "ZTE ZXMP M721\u662f\u4e2d\u56fd\u4e2d\u5174\u901a\u8baf\uff08ZTE\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u57ce\u57df\u8fb9\u7f18OTN\uff08\u5149\u4f20\u9001\u7f51\uff09\u8bbe\u5907\u3002\n\nZTE ZXMP M721 commond21bootv100004_ls1045\u7248\u672c\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eZBOOT\u63a5\u53e3\u7684\u4e32\u53e3\u8ba4\u8bc1\u867d\u7136\u5f00\u542f\uff0c\u4f46\u5e76\u672a\u751f\u6548\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u767b\u5f55\u8bbe\u5907\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-09678",
  "openTime": "2023-02-17",
  "patchDescription": "ZTE ZXMP M721\u662f\u4e2d\u56fd\u4e2d\u5174\u901a\u8baf\uff08ZTE\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u57ce\u57df\u8fb9\u7f18OTN\uff08\u5149\u4f20\u9001\u7f51\uff09\u8bbe\u5907\u3002\r\n\r\nZTE ZXMP M721 commond21bootv100004_ls1045\u7248\u672c\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eZBOOT\u63a5\u53e3\u7684\u4e32\u53e3\u8ba4\u8bc1\u867d\u7136\u5f00\u542f\uff0c\u4f46\u5e76\u672a\u751f\u6548\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u767b\u5f55\u8bbe\u5907\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ZTE ZXMP M721\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "ZTE ZTE ZXMP M721 commond21bootv100004_ls1045"
  },
  "referenceLink": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264",
  "serverity": "\u9ad8",
  "submitTime": "2022-07-19",
  "title": "ZTE ZXMP M721\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

FKIE_CVE-2022-23141

Vulnerability from fkie_nvd - Published: 2022-07-15 15:15 - Updated: 2026-06-17 04:29

Severity

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	psirt@zte.com.cn	https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264	Vendor Advisory

Impacted products

	Vendor	Product	Version
	zte	zxmp_m721_firmware	commond21bootv100004_ls1045
	zte	zxmp_m721	-

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "ZXMP M721",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "COMMOND21BOOTV100004_LS1045"
            }
          ]
        }
      ],
      "source": "psirt@zte.com.cn"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zte:zxmp_m721_firmware:commond21bootv100004_ls1045:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB41C198-1156-4112-96C5-AC9B1026B46B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zte:zxmp_m721:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEC586E9-E8FA-4988-8CD0-334A1F73BC61",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information."
    },
    {
      "lang": "es",
      "value": "ZXMP M721 presenta una vulnerabilidad de filtrado de informaci\u00f3n. Dado que la autenticaci\u00f3n del puerto serie en la interfaz ZBOOT no es efectiva aunque est\u00e9 habilitada, un atacante podr\u00eda usar esta vulnerabilidad para iniciar sesi\u00f3n en el dispositivo y obtener informaci\u00f3n confidencial"
    }
  ],
  "id": "CVE-2022-23141",
  "lastModified": "2026-06-17T04:29:35.307",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-15T15:15:08.097",
  "references": [
    {
      "source": "psirt@zte.com.cn",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264"
    }
  ],
  "sourceIdentifier": "psirt@zte.com.cn",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-G64R-V5C7-QVH2

Vulnerability from github – Published: 2022-07-16 00:00 – Updated: 2022-07-23 00:00

Details

Severity

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-23141"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-15T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information.",
  "id": "GHSA-g64r-v5c7-qvh2",
  "modified": "2022-07-23T00:00:22Z",
  "published": "2022-07-16T00:00:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23141"
    },
    {
      "type": "WEB",
      "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2022-23141

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-23141

Aliases

CVE-2022-23141

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-23141",
    "description": "ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information.",
    "id": "GSD-2022-23141"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-23141"
      ],
      "details": "ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information.",
      "id": "GSD-2022-23141",
      "modified": "2023-12-13T01:19:35.049635Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@zte.com.cn",
        "ID": "CVE-2022-23141",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ZXMP M721",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "COMMOND21BOOTV100004_LS1045"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "information leak"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264",
            "refsource": "MISC",
            "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zte:zxmp_m721_firmware:commond21bootv100004_ls1045:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zte:zxmp_m721:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@zte.com.cn",
          "ID": "CVE-2022-23141"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-532"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-07-22T16:24Z",
      "publishedDate": "2022-07-15T15:15Z"
    }
  }
}

VAR-202207-0969

Vulnerability from variot - Updated: 2024-08-14 14:55

ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information. ZTE of zxmp m721 Firmware contains an information disclosure vulnerability from log files.Information may be obtained. ZTE ZXMP M721 is a metro edge OTN (Optical Transport Network) equipment of China ZTE Corporation (ZTE)

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0969",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "zxmp m721",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "zte",
        "version": "commond21bootv100004_ls1045"
      },
      {
        "model": "zxmp m721",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "zte",
        "version": null
      },
      {
        "model": "zxmp m721",
        "scope": null,
        "trust": 0.8,
        "vendor": "zte",
        "version": null
      },
      {
        "model": "zxmp m721",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "zte",
        "version": "zxmp m721  firmware  commond21bootv100004 ls1045"
      },
      {
        "model": "zxmp m721 commond21bootv100004 ls1045",
        "scope": null,
        "trust": 0.6,
        "vendor": "zte",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-09678"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013456"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23141"
      }
    ]
  },
  "cve": "CVE-2022-23141",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2023-09678",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-23141",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-23141",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-23141",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-23141",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2023-09678",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202207-1361",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-09678"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013456"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-1361"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23141"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information. ZTE of zxmp m721 Firmware contains an information disclosure vulnerability from log files.Information may be obtained. ZTE ZXMP M721 is a metro edge OTN (Optical Transport Network) equipment of China ZTE Corporation (ZTE)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-23141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013456"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-09678"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-23141"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-23141",
        "trust": 3.9
      },
      {
        "db": "ZTE",
        "id": "1025264",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013456",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-09678",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-1361",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-23141",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-09678"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-23141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013456"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-1361"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23141"
      }
    ]
  },
  "id": "VAR-202207-0969",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-09678"
      }
    ],
    "trust": 1.4
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-09678"
      }
    ]
  },
  "last_update_date": "2024-08-14T14:55:23.891000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for ZTE ZXMP M721 Information Disclosure Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/379151"
      },
      {
        "title": "ZTE ZXMP M721 Repair measures for log information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=201220"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-09678"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-1361"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-532",
        "trust": 1.0
      },
      {
        "problemtype": "Information leakage from log files (CWE-532) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013456"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23141"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1025264"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23141"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-23141/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-09678"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-23141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013456"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-1361"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23141"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-09678"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-23141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013456"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-1361"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-23141"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-09678"
      },
      {
        "date": "2022-07-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-23141"
      },
      {
        "date": "2023-09-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-013456"
      },
      {
        "date": "2022-07-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202207-1361"
      },
      {
        "date": "2022-07-15T15:15:08.097000",
        "db": "NVD",
        "id": "CVE-2022-23141"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-09678"
      },
      {
        "date": "2022-07-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-23141"
      },
      {
        "date": "2023-09-07T08:27:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-013456"
      },
      {
        "date": "2022-07-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202207-1361"
      },
      {
        "date": "2022-07-22T16:24:27.390000",
        "db": "NVD",
        "id": "CVE-2022-23141"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-1361"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ZTE\u00a0 of \u00a0zxmp\u00a0m721\u00a0 Vulnerability related to information disclosure from log files in firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013456"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "log information leak",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-1361"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-23141 (GCVE-0-2022-23141)

CNVD-2023-09678

FKIE_CVE-2022-23141

GHSA-G64R-V5C7-QVH2

GSD-2022-23141

VAR-202207-0969

Tags

Sightings

Nomenclature