Search criteria
12 vulnerabilities found for zxr10_3800-8_firmware by zte
FKIE_CVE-2024-22066
Vulnerability from fkie_nvd - Published: 2024-10-29 09:15 - Updated: 2024-11-08 14:31
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zte | zxr10_1800-2s_firmware | * | |
| zte | zxr10_1800-2s | - | |
| zte | zxr10_2800-4_firmware | * | |
| zte | zxr10_2800-4 | - | |
| zte | zxr10_3800-8_firmware | * | |
| zte | zxr10_3800-8 | - | |
| zte | zxr10_160_firmware | * | |
| zte | zxr10_160 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:zxr10_1800-2s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "826BC9EE-082B-4755-8229-94620812A1A0",
"versionEndIncluding": "3.00.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:zxr10_1800-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA2AC22D-CC1C-4F6E-AFA1-EEC6C2A294DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:zxr10_2800-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58284623-2CF8-4993-8AA4-E802E778B116",
"versionEndIncluding": "3.00.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:zxr10_2800-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A4FC3A-3137-4B81-85D4-48AC72CF1019",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:zxr10_3800-8_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F26480A6-D2EA-41D2-85EB-B15FB11ABC50",
"versionEndIncluding": "3.00.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:zxr10_3800-8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6346FA61-050D-4E0A-906C-D2E62D9AA3A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:zxr10_160_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "011635A6-E3F0-47CD-8BBB-2EC37D3E7A34",
"versionEndIncluding": "3.00.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:zxr10_160:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6389B69E-A7E2-4BF3-A628-4F5C0ED6EF86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de escalada de privilegios en el enrutador multiservicio inteligente ZTE ZXR10 ZSR V2. Un atacante autenticado podr\u00eda usar la vulnerabilidad para obtener informaci\u00f3n confidencial sobre el dispositivo."
}
],
"id": "CVE-2024-22066",
"lastModified": "2024-11-08T14:31:32.933",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "psirt@zte.com.cn",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-29T09:15:06.800",
"references": [
{
"source": "psirt@zte.com.cn",
"tags": [
"Vendor Advisory"
],
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1171513586716225590"
}
],
"sourceIdentifier": "psirt@zte.com.cn",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-294"
}
],
"source": "psirt@zte.com.cn",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-294"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-22068
Vulnerability from fkie_nvd - Published: 2024-10-10 09:15 - Updated: 2025-02-07 15:32
Severity ?
6.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zte | zxr10_1800-2s_firmware | * | |
| zte | zxr10_1800-2s | - | |
| zte | zxr10_2800-4_firmware | * | |
| zte | zxr10_2800-4 | - | |
| zte | zxr10_3800-8_firmware | * | |
| zte | zxr10_3800-8 | - | |
| zte | zxr10_160_firmware | * | |
| zte | zxr10_160 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:zxr10_1800-2s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53D31468-8382-4CF6-BAD7-C4E7C16B4E30",
"versionEndExcluding": "6.00.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:zxr10_1800-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA2AC22D-CC1C-4F6E-AFA1-EEC6C2A294DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:zxr10_2800-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6672D0C2-3697-4A17-AE68-B23B937A1846",
"versionEndExcluding": "6.00.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:zxr10_2800-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A4FC3A-3137-4B81-85D4-48AC72CF1019",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:zxr10_3800-8_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5CFF33A-3556-4898-AD0B-EA5022B717A6",
"versionEndExcluding": "6.00.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:zxr10_3800-8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6346FA61-050D-4E0A-906C-D2E62D9AA3A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:zxr10_160_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74C666FC-30F5-415B-8F81-A7A7909D5C8C",
"versionEndExcluding": "6.00.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:zxr10_160:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6389B69E-A7E2-4BF3-A628-4F5C0ED6EF86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier."
},
{
"lang": "es",
"value": "La vulnerabilidad de administraci\u00f3n de privilegios incorrecta en las series ZTE ZXR10 1800-2S, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160 en 64 bits permite la omisi\u00f3n de funcionalidad. Este problema afecta a las series ZXR10 1800-2S, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160: V4.00.10 y anteriores."
}
],
"id": "CVE-2024-22068",
"lastModified": "2025-02-07T15:32:50.550",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.5,
"source": "psirt@zte.com.cn",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-10T09:15:03.190",
"references": [
{
"source": "psirt@zte.com.cn",
"tags": [
"Vendor Advisory"
],
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/5359853646778130472"
}
],
"sourceIdentifier": "psirt@zte.com.cn",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "psirt@zte.com.cn",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-521"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-10931
Vulnerability from fkie_nvd - Published: 2017-09-19 14:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zte | zxr10_1800-2s_firmware | * | |
| zte | zxr10_1800-2s | - | |
| zte | zxr10_2800-4_firmware | * | |
| zte | zxr10_2800-4 | - | |
| zte | zxr10_3800-8_firmware | * | |
| zte | zxr10_3800-8 | - | |
| zte | zxr10_160_firmware | * | |
| zte | zxr10_160 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:zxr10_1800-2s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "720817E2-2A6C-458D-A755-734D3950ACB3",
"versionEndExcluding": "3.00.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:zxr10_1800-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA2AC22D-CC1C-4F6E-AFA1-EEC6C2A294DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:zxr10_2800-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1953F140-3D24-4496-B5EB-9E79A2B00DA9",
"versionEndExcluding": "3.00.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:zxr10_2800-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A4FC3A-3137-4B81-85D4-48AC72CF1019",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:zxr10_3800-8_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C47EA3A-F5B6-4536-A35E-86426A6324C4",
"versionEndExcluding": "3.00.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:zxr10_3800-8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6346FA61-050D-4E0A-906C-D2E62D9AA3A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:zxr10_160_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57325750-FFA0-4F1B-A2BA-CC1573509445",
"versionEndExcluding": "3.00.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:zxr10_160:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6389B69E-A7E2-4BF3-A628-4F5C0ED6EF86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration."
},
{
"lang": "es",
"value": "ZXR10 1800-2S en versiones anteriores a la 3.00.40 restringe incorrectamente las descarga del rango del directorio de archivos para los usuarios WEB. Esto provoca que se pueda descargar cualquier archivo y provocar filtraciones de informaci\u00f3n como la configuraci\u00f3n del sistema."
}
],
"id": "CVE-2017-10931",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-19T14:29:00.273",
"references": [
{
"source": "psirt@zte.com.cn",
"tags": [
"Permissions Required"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
}
],
"sourceIdentifier": "psirt@zte.com.cn",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-10930
Vulnerability from fkie_nvd - Published: 2017-09-19 14:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zte | zxr10_1800-2s_firmware | * | |
| zte | zxr10_1800-2s | - | |
| zte | zxr10_2800-4_firmware | * | |
| zte | zxr10_2800-4 | - | |
| zte | zxr10_3800-8_firmware | * | |
| zte | zxr10_3800-8 | - | |
| zte | zxr10_160_firmware | * | |
| zte | zxr10_160 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:zxr10_1800-2s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "720817E2-2A6C-458D-A755-734D3950ACB3",
"versionEndExcluding": "3.00.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:zxr10_1800-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA2AC22D-CC1C-4F6E-AFA1-EEC6C2A294DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:zxr10_2800-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1953F140-3D24-4496-B5EB-9E79A2B00DA9",
"versionEndExcluding": "3.00.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:zxr10_2800-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A4FC3A-3137-4B81-85D4-48AC72CF1019",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:zxr10_3800-8_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C47EA3A-F5B6-4536-A35E-86426A6324C4",
"versionEndExcluding": "3.00.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:zxr10_3800-8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6346FA61-050D-4E0A-906C-D2E62D9AA3A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:zxr10_160_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57325750-FFA0-4F1B-A2BA-CC1573509445",
"versionEndExcluding": "3.00.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:zxr10_160:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6389B69E-A7E2-4BF3-A628-4F5C0ED6EF86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords."
},
{
"lang": "es",
"value": "ZXR10 1800-2S en versiones anteriores a la 3.00.40 restringe incorrectamente el acceso a un recurso de un actor sin autorizaci\u00f3n. Esto provoca que los usuarios normales sean capaces de descargar archivos de configuraci\u00f3n para robar informaci\u00f3n, como por ejemplo las cuentas y contrase\u00f1as de administrador."
}
],
"id": "CVE-2017-10930",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-19T14:29:00.227",
"references": [
{
"source": "psirt@zte.com.cn",
"tags": [
"Permissions Required"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
}
],
"sourceIdentifier": "psirt@zte.com.cn",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-22066 (GCVE-0-2024-22066)
Vulnerability from cvelistv5 – Published: 2024-10-29 09:03 – Updated: 2024-10-29 15:06
VLAI?
Summary
There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device.
Severity ?
7.5 (High)
CWE
- CWE-294 - Authentication Bypass by Capture-replay
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZTE | ZXR10 1800-2S |
Affected:
ZSRV2 V3.00.40
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zte:zxr10_1800-2s_firmware:3.00.40:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zxr10_1800-2s_firmware",
"vendor": "zte",
"versions": [
{
"status": "affected",
"version": "3.00.40"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22066",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-29T14:38:31.925588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T15:06:23.937Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux",
"ARM",
"64 bit"
],
"product": "ZXR10 1800-2S",
"vendor": "ZTE",
"versions": [
{
"status": "affected",
"version": "ZSRV2 V3.00.40",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
},
{
"capecId": "CAPEC-155",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-155 Screen Temporary Files for Sensitive Information"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294 Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T09:03:36.687Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1171513586716225590"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2024-22066",
"datePublished": "2024-10-29T09:03:36.687Z",
"dateReserved": "2024-01-05T01:51:09.681Z",
"dateUpdated": "2024-10-29T15:06:23.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22068 (GCVE-0-2024-22068)
Vulnerability from cvelistv5 – Published: 2024-10-10 08:51 – Updated: 2024-10-10 13:38
VLAI?
Title
Weak Password Vulnerability in ZTE ZSR V2 Intelligent Multi Service Router
Summary
Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier.
Severity ?
6 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZTE | ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series |
Affected:
V4.00.10 and earlier
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zte:zxr10_160_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zte:zxr10_1800-2s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:zte:zxr10_2800-4_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zte:zxr10_3800-8_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "zxr10_3800-8_firmware",
"vendor": "zte",
"versions": [
{
"lessThanOrEqual": "v4.00.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22068",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T13:29:12.877833Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T13:38:50.810Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit"
],
"product": "ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series",
"vendor": "ZTE",
"versions": [
{
"status": "affected",
"version": "V4.00.10 and earlier",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.\u003cp\u003eThis issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier.\u003c/p\u003e"
}
],
"value": "Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier."
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T08:51:35.299Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/5359853646778130472"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Weak Password Vulnerability in ZTE ZSR V2 Intelligent Multi Service Router",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2024-22068",
"datePublished": "2024-10-10T08:51:35.299Z",
"dateReserved": "2024-01-05T01:51:09.681Z",
"dateUpdated": "2024-10-10T13:38:50.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10931 (GCVE-0-2017-10931)
Vulnerability from cvelistv5 – Published: 2017-09-19 14:00 – Updated: 2024-09-17 03:37
VLAI?
Summary
The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration.
Severity ?
No CVSS data available.
CWE
- Path Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZTE | ZX10 1800-2S |
Affected:
All versions prior to V3.00.40
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZX10 1800-2S",
"vendor": "ZTE",
"versions": [
{
"status": "affected",
"version": "All versions prior to V3.00.40"
}
]
}
],
"datePublic": "2017-08-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-19T13:57:01",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"DATE_PUBLIC": "2017-08-10T00:00:00",
"ID": "CVE-2017-10931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZX10 1800-2S",
"version": {
"version_data": [
{
"version_value": "All versions prior to V3.00.40"
}
]
}
}
]
},
"vendor_name": "ZTE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262",
"refsource": "MISC",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2017-10931",
"datePublished": "2017-09-19T14:00:00Z",
"dateReserved": "2017-07-05T00:00:00",
"dateUpdated": "2024-09-17T03:37:33.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10930 (GCVE-0-2017-10930)
Vulnerability from cvelistv5 – Published: 2017-09-19 14:00 – Updated: 2024-09-16 17:33
VLAI?
Summary
The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords.
Severity ?
No CVSS data available.
CWE
- Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZTE | ZX10 1800-2S |
Affected:
All versions prior to V3.00.40
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZX10 1800-2S",
"vendor": "ZTE",
"versions": [
{
"status": "affected",
"version": "All versions prior to V3.00.40"
}
]
}
],
"datePublic": "2017-08-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-19T13:57:01",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"DATE_PUBLIC": "2017-08-10T00:00:00",
"ID": "CVE-2017-10930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZX10 1800-2S",
"version": {
"version_data": [
{
"version_value": "All versions prior to V3.00.40"
}
]
}
}
]
},
"vendor_name": "ZTE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262",
"refsource": "MISC",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2017-10930",
"datePublished": "2017-09-19T14:00:00Z",
"dateReserved": "2017-07-05T00:00:00",
"dateUpdated": "2024-09-16T17:33:43.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22066 (GCVE-0-2024-22066)
Vulnerability from nvd – Published: 2024-10-29 09:03 – Updated: 2024-10-29 15:06
VLAI?
Summary
There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device.
Severity ?
7.5 (High)
CWE
- CWE-294 - Authentication Bypass by Capture-replay
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZTE | ZXR10 1800-2S |
Affected:
ZSRV2 V3.00.40
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zte:zxr10_1800-2s_firmware:3.00.40:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zxr10_1800-2s_firmware",
"vendor": "zte",
"versions": [
{
"status": "affected",
"version": "3.00.40"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22066",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-29T14:38:31.925588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T15:06:23.937Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux",
"ARM",
"64 bit"
],
"product": "ZXR10 1800-2S",
"vendor": "ZTE",
"versions": [
{
"status": "affected",
"version": "ZSRV2 V3.00.40",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
},
{
"capecId": "CAPEC-155",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-155 Screen Temporary Files for Sensitive Information"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294 Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T09:03:36.687Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1171513586716225590"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2024-22066",
"datePublished": "2024-10-29T09:03:36.687Z",
"dateReserved": "2024-01-05T01:51:09.681Z",
"dateUpdated": "2024-10-29T15:06:23.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22068 (GCVE-0-2024-22068)
Vulnerability from nvd – Published: 2024-10-10 08:51 – Updated: 2024-10-10 13:38
VLAI?
Title
Weak Password Vulnerability in ZTE ZSR V2 Intelligent Multi Service Router
Summary
Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier.
Severity ?
6 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZTE | ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series |
Affected:
V4.00.10 and earlier
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:zte:zxr10_160_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zte:zxr10_1800-2s_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:zte:zxr10_2800-4_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:zte:zxr10_3800-8_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "zxr10_3800-8_firmware",
"vendor": "zte",
"versions": [
{
"lessThanOrEqual": "v4.00.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22068",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T13:29:12.877833Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T13:38:50.810Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit"
],
"product": "ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series",
"vendor": "ZTE",
"versions": [
{
"status": "affected",
"version": "V4.00.10 and earlier",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.\u003cp\u003eThis issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier.\u003c/p\u003e"
}
],
"value": "Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier."
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T08:51:35.299Z",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/5359853646778130472"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Weak Password Vulnerability in ZTE ZSR V2 Intelligent Multi Service Router",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2024-22068",
"datePublished": "2024-10-10T08:51:35.299Z",
"dateReserved": "2024-01-05T01:51:09.681Z",
"dateUpdated": "2024-10-10T13:38:50.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10931 (GCVE-0-2017-10931)
Vulnerability from nvd – Published: 2017-09-19 14:00 – Updated: 2024-09-17 03:37
VLAI?
Summary
The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration.
Severity ?
No CVSS data available.
CWE
- Path Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZTE | ZX10 1800-2S |
Affected:
All versions prior to V3.00.40
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZX10 1800-2S",
"vendor": "ZTE",
"versions": [
{
"status": "affected",
"version": "All versions prior to V3.00.40"
}
]
}
],
"datePublic": "2017-08-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-19T13:57:01",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"DATE_PUBLIC": "2017-08-10T00:00:00",
"ID": "CVE-2017-10931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZX10 1800-2S",
"version": {
"version_data": [
{
"version_value": "All versions prior to V3.00.40"
}
]
}
}
]
},
"vendor_name": "ZTE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262",
"refsource": "MISC",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2017-10931",
"datePublished": "2017-09-19T14:00:00Z",
"dateReserved": "2017-07-05T00:00:00",
"dateUpdated": "2024-09-17T03:37:33.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10930 (GCVE-0-2017-10930)
Vulnerability from nvd – Published: 2017-09-19 14:00 – Updated: 2024-09-16 17:33
VLAI?
Summary
The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords.
Severity ?
No CVSS data available.
CWE
- Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ZTE | ZX10 1800-2S |
Affected:
All versions prior to V3.00.40
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZX10 1800-2S",
"vendor": "ZTE",
"versions": [
{
"status": "affected",
"version": "All versions prior to V3.00.40"
}
]
}
],
"datePublic": "2017-08-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-19T13:57:01",
"orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"shortName": "zte"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@zte.com.cn",
"DATE_PUBLIC": "2017-08-10T00:00:00",
"ID": "CVE-2017-10930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZX10 1800-2S",
"version": {
"version_data": [
{
"version_value": "All versions prior to V3.00.40"
}
]
}
}
]
},
"vendor_name": "ZTE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262",
"refsource": "MISC",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
"assignerShortName": "zte",
"cveId": "CVE-2017-10930",
"datePublished": "2017-09-19T14:00:00Z",
"dateReserved": "2017-07-05T00:00:00",
"dateUpdated": "2024-09-16T17:33:43.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}