FKIE_CVE-2022-39074
Vulnerability from fkie_nvd - Published: 2023-05-30 23:15 - Updated: 2025-01-13 21:15
Severity
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:blade_a52_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCC936C-DBBD-48AA-9137-F381048965E3",
"versionEndExcluding": "m02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:blade_a52:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4375046D-68CA-46E5-969B-1285B69F0B7E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:blade_a51_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A6A9E2-8533-430C-97F4-8424C4D73869",
"versionEndExcluding": "m07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:blade_a51:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F04649EA-CA70-464A-9757-F0C6AB4DE702",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:blade_a3_lite_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9597C54-7308-4B43-AF04-9E6A38022ABE",
"versionEndExcluding": "m09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:blade_a3_lite:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E58B690-37E5-4FC7-8E60-43B1E9246E24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:blade_a5_2020_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30C94446-4764-4FD7-9F67-15E3CD0D0D90",
"versionEndExcluding": "m05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:blade_a5_2020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF55F5F-0133-48D7-948B-C17713876B64",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:blade_l210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A78D396-C7E1-460A-9CD9-228D8A658DA5",
"versionEndExcluding": "1.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:blade_l210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22FCAC68-6802-4F75-B74C-BF1A1027379E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:blade_a7s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F0C095C-9442-43B6-8387-3FBBC1530834",
"versionEndExcluding": "2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:blade_a7s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72824985-D247-42FD-830A-E14126BD9564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:blade_a31_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A5A6D1A-B7C7-45C4-A804-23EDFF899C46",
"versionEndExcluding": "m03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:blade_a31:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28D8EE5A-2116-47C8-AB8C-C0E92B05A5CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:blade_a31_plus_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7957E560-4710-444C-AE02-6D5B78FE2173",
"versionEndExcluding": "m04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:blade_a31_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16A6D44D-8329-4184-9C96-125B1216A147",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:blade_a5_2019_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A2FA782-2B80-46C5-AA04-3B295A9F2FA1",
"versionEndExcluding": "m13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:blade_a5_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "603B4CB3-4820-4C52-8D7D-B6FA12986D69",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:blade_a71_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0708E04-2747-4454-91A2-E6D4E8653330",
"versionEndExcluding": "2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:blade_a71:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6A5874F-3ED4-43E9-A74C-46EE10A155FC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:blade_a72_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C68C556-C42D-4576-9D1C-659DCBFA6727",
"versionEndExcluding": "11.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:blade_a72:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61A5C21C-FF84-4F9D-AEB0-DF65BA7E95CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:blade_v20_smart_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C2ABF13-488E-40EB-B38A-3952781584E9",
"versionEndExcluding": "1.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:blade_v20_smart:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D4B62DA-8444-4E2B-99EC-1E2C5D461884",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:blade_v30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D710F4D-160E-4EF7-9E14-DB191AF257DE",
"versionEndExcluding": "1.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:blade_v30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96BA29D9-5F3B-4CED-9BB7-C592B96783E5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:blade_v30_vita_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0889637-EA9E-4246-ABC3-60EAEF5C83F2",
"versionEndExcluding": "1.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:blade_v30_vita:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C8CD2AE-1E1A-4A7F-8EB4-2042B5133E1F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:v40_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F23C14A8-9DC8-4F43-B33C-0CD1DDEF57B6",
"versionEndExcluding": "11.0.4_9046",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:v40_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7A3907-B6FE-404F-B88C-7534903D9821",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:blade_v40_vita_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8198FF61-A3E0-4FB7-A44C-1A933E73F4F2",
"versionEndExcluding": "11.0.2_8045",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:blade_v40_vita:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DFDF882-AA8A-4D2D-86C8-F91833E6A1C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:axon_40_ultra_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8966DAC9-4EE0-41DE-988E-8D6E5F6A06E1",
"versionEndExcluding": "1.0.0b26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:axon_40_ultra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9F41AC-BCE6-416B-B11F-D86769525F9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission."
}
],
"id": "CVE-2022-39074",
"lastModified": "2025-01-13T21:15:10.137",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-30T23:15:09.393",
"references": [
{
"source": "psirt@zte.com.cn",
"tags": [
"Vendor Advisory"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664"
}
],
"sourceIdentifier": "psirt@zte.com.cn",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…