VAR-202209-1521
Vulnerability from variot - Updated: 2025-05-23 23:26There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system. zxa10 b76hv3 firmware, zxa10 b766v2 firmware, zxa10 b800v2 firmware etc. ZTE There are unspecified vulnerabilities in the product.Information is tampered with and service operation is interrupted (DoS) It may be in a state. ZTE ZXvSTB is a cloud-based set-top box of China ZTE (ZTE).
ZTE ZXvSTB has an authorization problem vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202209-1521",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zxa10 b710s2-a19",
"scope": "lte",
"trust": 1.0,
"vendor": "zte",
"version": "2.01.02.01"
},
{
"model": "zxa10 b766v2",
"scope": "lte",
"trust": 1.0,
"vendor": "zte",
"version": "2.01.02.01"
},
{
"model": "zxa10 b800v2",
"scope": "lte",
"trust": 1.0,
"vendor": "zte",
"version": "2.01.02.01"
},
{
"model": "zxa10 b960gv1",
"scope": "lte",
"trust": 1.0,
"vendor": "zte",
"version": "2.01.02.01"
},
{
"model": "zxa10 b700v7",
"scope": "lte",
"trust": 1.0,
"vendor": "zte",
"version": "2.01.02.01"
},
{
"model": "zxa10 b866v5-w10",
"scope": "lte",
"trust": 1.0,
"vendor": "zte",
"version": "2.01.02.01"
},
{
"model": "zxa10 s200t",
"scope": "lte",
"trust": 1.0,
"vendor": "zte",
"version": "2.01.02.01"
},
{
"model": "zxa10 b836ct-a15",
"scope": "lte",
"trust": 1.0,
"vendor": "zte",
"version": "2.01.02.01"
},
{
"model": "zxa10 b860h",
"scope": "lte",
"trust": 1.0,
"vendor": "zte",
"version": "2.01.02.01"
},
{
"model": "zxa10 s100v",
"scope": "lte",
"trust": 1.0,
"vendor": "zte",
"version": "2.01.02.01"
},
{
"model": "zxa10 s200a",
"scope": "lte",
"trust": 1.0,
"vendor": "zte",
"version": "2.01.02.01"
},
{
"model": "zxa10 b860av2.1",
"scope": "lte",
"trust": 1.0,
"vendor": "zte",
"version": "2.01.02.01"
},
{
"model": "zxa10 b710c-a12",
"scope": "lte",
"trust": 1.0,
"vendor": "zte",
"version": "2.01.02.01"
},
{
"model": "zxa10 b76hv3",
"scope": "lte",
"trust": 1.0,
"vendor": "zte",
"version": "2.01.02.01"
},
{
"model": "zxa10 b866v2-h",
"scope": "lte",
"trust": 1.0,
"vendor": "zte",
"version": "2.01.02.01"
},
{
"model": "zxa10 b766v2",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "zxa10 s200a",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "zxa10 b836ct-a15",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "zxa10 b866v2-h",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "zxa10 s200t",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "zxa10 s100v",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "zxa10 b76hv3",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "zxa10 b710c-a12",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "zxa10 b860av2.1",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "zxa10 b866v5-w10",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "zxa10 b860h",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "zxa10 b800v2",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "zxa10 b710s2-a19",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "zxa10 b960gv1",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "zxa10 b700v7",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "zxa10 b800v2",
"scope": "lte",
"trust": 0.6,
"vendor": "zte",
"version": "\u003c=2.01.02.01"
},
{
"model": "zxa10 b860av2.1",
"scope": "lte",
"trust": 0.6,
"vendor": "zte",
"version": "\u003c=2.01.02.01"
},
{
"model": "zxa10 b860h",
"scope": "lte",
"trust": 0.6,
"vendor": "zte",
"version": "\u003c=2.01.02.01"
},
{
"model": "zxa10 b866v2-h",
"scope": "lte",
"trust": 0.6,
"vendor": "zte",
"version": "\u003c=2.01.02.01"
},
{
"model": "zxa10 b866v5-w10",
"scope": "lte",
"trust": 0.6,
"vendor": "zte",
"version": "\u003c=2.01.02.01"
},
{
"model": "zxa10 b960gv1",
"scope": "lte",
"trust": 0.6,
"vendor": "zte",
"version": "\u003c=2.01.02.01"
},
{
"model": "zxa10 b710c-a12",
"scope": "lte",
"trust": 0.6,
"vendor": "zte",
"version": "\u003c=2.01.02.01"
},
{
"model": "zxa10 b710s2-a19",
"scope": "lte",
"trust": 0.6,
"vendor": "zte",
"version": "\u003c=2.01.02.01"
},
{
"model": "zxa10 b836ct-a15",
"scope": "lte",
"trust": 0.6,
"vendor": "zte",
"version": "\u003c=2.01.02.01"
},
{
"model": "zxa10 s100v",
"scope": "lte",
"trust": 0.6,
"vendor": "zte",
"version": "\u003c=2.01.02.01"
},
{
"model": "zxa10 s200a",
"scope": "lte",
"trust": 0.6,
"vendor": "zte",
"version": "\u003c=2.01.02.01"
},
{
"model": "zxa10 s200t",
"scope": "lte",
"trust": 0.6,
"vendor": "zte",
"version": "\u003c=2.01.02.01"
},
{
"model": "zxa10 b700v7",
"scope": "lte",
"trust": 0.6,
"vendor": "zte",
"version": "\u003c=2.01.02.01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-88193"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017847"
},
{
"db": "NVD",
"id": "CVE-2022-23144"
}
]
},
"cve": "CVE-2022-23144",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-88193",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-23144",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-23144",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-23144",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2022-23144",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-23144",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-88193",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202209-2388",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-88193"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017847"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2388"
},
{
"db": "NVD",
"id": "CVE-2022-23144"
},
{
"db": "NVD",
"id": "CVE-2022-23144"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system. zxa10 b76hv3 firmware, zxa10 b766v2 firmware, zxa10 b800v2 firmware etc. ZTE There are unspecified vulnerabilities in the product.Information is tampered with and service operation is interrupted (DoS) It may be in a state. ZTE ZXvSTB is a cloud-based set-top box of China ZTE (ZTE). \n\r\n\r\nZTE ZXvSTB has an authorization problem vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-23144"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017847"
},
{
"db": "CNVD",
"id": "CNVD-2022-88193"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-23144",
"trust": 3.8
},
{
"db": "ZTE",
"id": "1026224",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017847",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-88193",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2388",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-88193"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017847"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2388"
},
{
"db": "NVD",
"id": "CVE-2022-23144"
}
]
},
"id": "VAR-202209-1521",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-88193"
}
],
"trust": 1.2487179800000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-88193"
}
]
},
"last_update_date": "2025-05-23T23:26:15.231000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for ZTE ZXvSTB Authorization Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/372386"
},
{
"title": "ZTE ZXvSTB Post-link vulnerability fixes",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=209155"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-88193"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2388"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-017847"
},
{
"db": "NVD",
"id": "CVE-2022-23144"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1026224"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23144"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-23144/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-88193"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017847"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2388"
},
{
"db": "NVD",
"id": "CVE-2022-23144"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-88193"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017847"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2388"
},
{
"db": "NVD",
"id": "CVE-2022-23144"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-88193"
},
{
"date": "2023-10-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-017847"
},
{
"date": "2022-09-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-2388"
},
{
"date": "2022-09-23T15:15:12.687000",
"db": "NVD",
"id": "CVE-2022-23144"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-88193"
},
{
"date": "2023-10-16T08:23:00",
"db": "JVNDB",
"id": "JVNDB-2022-017847"
},
{
"date": "2022-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-2388"
},
{
"date": "2025-05-22T19:15:29.063000",
"db": "NVD",
"id": "CVE-2022-23144"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-2388"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0ZTE\u00a0 Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-017847"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "post link",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-2388"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…