3 vulnerabilities by China Mobile
CVE-2025-2716 (GCVE-0-2025-2716)
Vulnerability from cvelistv5 – Published: 2025-03-24 23:00 – Updated: 2025-03-25 13:32
Title
China Mobile P22g-CIac Samba Path path traversal
Summary
A vulnerability classified as problematic was found in China Mobile P22g-CIac 1.0.00.488. This vulnerability affects unknown code of the component Samba Path Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CWE
- CWE-22 - Path Traversal
Impacted products
| Vendor | Product | Version |
|---|---|---|
| China Mobile | P22g-CIac | Affected: 1.0.00.488 |
Credits
Yy123_ly14 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2716",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T13:32:22.103117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T13:32:43.404Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"broken-link"
],
"url": "https://github.com/rookiiiiiiie/China-Mobile-Internet-of-Things-Co.-Ltd./blob/main/Issues.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Samba Path Handler"
],
"product": "P22g-CIac",
"vendor": "China Mobile",
"versions": [
{
"status": "affected",
"version": "1.0.00.488"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yy123_ly14 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in China Mobile P22g-CIac 1.0.00.488. This vulnerability affects unknown code of the component Samba Path Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In China Mobile P22g-CIac 1.0.00.488 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Komponente Samba Path Handler. Durch das Manipulieren mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T23:00:07.183Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-300736 | China Mobile P22g-CIac Samba Path path traversal",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.300736"
},
{
"name": "VDB-300736 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.300736"
},
{
"name": "Submit #519900 | China-Mobile-Internet-of-Things-Co.-Ltd. P22g-CIac V1.0.00.488 path",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.519900"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/rookiiiiiiie/China-Mobile-Internet-of-Things-Co.-Ltd./blob/main/Issues.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-24T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-24T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-24T12:49:04.000Z",
"value": "VulDB entry last update"
}
],
"title": "China Mobile P22g-CIac Samba Path path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2716",
"datePublished": "2025-03-24T23:00:07.183Z",
"dateReserved": "2025-03-24T11:43:59.273Z",
"dateUpdated": "2025-03-25T13:32:43.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2398 (GCVE-0-2025-2398)
Vulnerability from cvelistv5 – Published: 2025-03-17 21:31 – Updated: 2025-03-18 14:24
Title
China Mobile P22g-CIac CLI su Command default credentials
Summary
A vulnerability was found in China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P up to 20250305. It has been rated as critical. This issue affects some unknown processing of the component CLI su Command Handler. The manipulation leads to use of default credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CWE
- CWE-1392 - Use of Default Credentials
Impacted products
| Vendor | Product | Version |
|---|---|---|
| China Mobile | P22g-CIac | Affected: 20250305 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2398",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T14:24:21.170538Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T14:24:37.754Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Fizz-L/Vulnerability-report/blob/main/Unauthorized%20access%20to%20execute%20the%20telnet%20command.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"CLI su Command Handler"
],
"product": "P22g-CIac",
"vendor": "China Mobile",
"versions": [
{
"status": "affected",
"version": "20250305"
}
]
},
{
"modules": [
"CLI su Command Handler"
],
"product": "ZXWT-MIG-P4G4V",
"vendor": "China Mobile",
"versions": [
{
"status": "affected",
"version": "20250305"
}
]
},
{
"modules": [
"CLI su Command Handler"
],
"product": "ZXWT-MIG-P8G8V",
"vendor": "China Mobile",
"versions": [
{
"status": "affected",
"version": "20250305"
}
]
},
{
"modules": [
"CLI su Command Handler"
],
"product": "GT3200-4G4P",
"vendor": "China Mobile",
"versions": [
{
"status": "affected",
"version": "20250305"
}
]
},
{
"modules": [
"CLI su Command Handler"
],
"product": "GT3200-8G8P",
"vendor": "China Mobile",
"versions": [
{
"status": "affected",
"version": "20250305"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P up to 20250305. It has been rated as critical. This issue affects some unknown processing of the component CLI su Command Handler. The manipulation leads to use of default credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P bis 20250305 ausgemacht. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente CLI su Command Handler. Durch Manipulation mit unbekannten Daten kann eine use of default credentials-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 8.3,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T21:31:04.130Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-299897 | China Mobile P22g-CIac CLI su Command default credentials",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.299897"
},
{
"name": "VDB-299897 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.299897"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Fizz-L/Vulnerability-report/blob/main/Unauthorized%20access%20to%20execute%20the%20telnet%20command.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-17T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-17T08:06:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "China Mobile P22g-CIac CLI su Command default credentials"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2398",
"datePublished": "2025-03-17T21:31:04.130Z",
"dateReserved": "2025-03-17T07:01:43.593Z",
"dateUpdated": "2025-03-18T14:24:37.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2397 (GCVE-0-2025-2397)
Vulnerability from cvelistv5 – Published: 2025-03-17 21:00 – Updated: 2025-03-18 14:25
Title
China Mobile P22g-CIac Telnet Service improper authorization
Summary
A vulnerability was found in China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P up to 20250305. It has been declared as problematic. This vulnerability affects unknown code of the component Telnet Service. The manipulation leads to improper authorization. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| China Mobile | P22g-CIac | Affected: 20250305 |
Credits
FizzL (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2397",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T14:25:55.658104Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T14:25:59.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Fizz-L/Vulnerability-report/blob/main/Unauthorized%20access%20to%20execute%20the%20telnet%20command.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Telnet Service"
],
"product": "P22g-CIac",
"vendor": "China Mobile",
"versions": [
{
"status": "affected",
"version": "20250305"
}
]
},
{
"modules": [
"Telnet Service"
],
"product": "ZXWT-MIG-P4G4V",
"vendor": "China Mobile",
"versions": [
{
"status": "affected",
"version": "20250305"
}
]
},
{
"modules": [
"Telnet Service"
],
"product": "ZXWT-MIG-P8G8V",
"vendor": "China Mobile",
"versions": [
{
"status": "affected",
"version": "20250305"
}
]
},
{
"modules": [
"Telnet Service"
],
"product": "GT3200-4G4P",
"vendor": "China Mobile",
"versions": [
{
"status": "affected",
"version": "20250305"
}
]
},
{
"modules": [
"Telnet Service"
],
"product": "GT3200-8G8P",
"vendor": "China Mobile",
"versions": [
{
"status": "affected",
"version": "20250305"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "FizzL (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P up to 20250305. It has been declared as problematic. This vulnerability affects unknown code of the component Telnet Service. The manipulation leads to improper authorization. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P and GT3200-8G8P bis 20250305 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Komponente Telnet Service. Durch die Manipulation mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.2,
"vectorString": "AV:A/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T21:00:11.859Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-299896 | China Mobile P22g-CIac Telnet Service improper authorization",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.299896"
},
{
"name": "VDB-299896 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.299896"
},
{
"name": "Submit #514957 | China Mobile Internet of Things Enterprise Gateway GT3200-8G8P;GT3200-4G4P;ZXWT-MIG-P8G8V;ZXWT-MIG-P4G4V;P22g-CIac Execution of unauthorized command",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.514957"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Fizz-L/Vulnerability-report/blob/main/Unauthorized%20access%20to%20execute%20the%20telnet%20command.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-17T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-17T08:06:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "China Mobile P22g-CIac Telnet Service improper authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2397",
"datePublished": "2025-03-17T21:00:11.859Z",
"dateReserved": "2025-03-17T07:01:36.512Z",
"dateUpdated": "2025-03-18T14:25:59.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}