CVE-2022-39074 (GCVE-0-2022-39074)

Vulnerability from cvelistv5 – Published: 2023-05-30 00:00 – Updated: 2025-01-13 20:39
VLAI?
Summary
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission.
Severity ?
3.3 (Low)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE
  • unauthorized access
Assigner
zte
References
Impacted products
Vendor Product Version
n/a ZTE Blade A52, ZTE Blade A51, ZTE Blade A3 Lite, ZTE Blade A5 2020, ZTE Blade L210, ZTE Blade A7s, ZTE Blade A31, ZTE Blade A31 Plus, ZTE Blade A5 (2019), ZTE Blade A71, ZTE Blade A72, ZTE Blade V20 Smart, ZTE Blade V30, ZTE Blade V30 Vita, ZTE V40 Pro, ZTE Blade V40 Vita, ZTE Axon 40 Ultra Affected: All versions up to Z6356T_M01, All versions up to Blade A51_M06, All versions up to Blade A30_M08, All versions up to Blade A5 2020-T_M04, All versions up to GEN_MY_L210_V1.13, All versions up to CLA_GT_A7020_V2.1, All versions up to Blade A31_M02, All versions up to P600_M03, All versions up to P650 Pro_M12, All versions up to GEN_EU_EEA_A7030_V2.3, All versions up to MyOS11.0.2_A7039_CLA_CO, All versions up to TEL_MX_ZTE_8010V1.13, All versions up to TEL_MX_ZTE_9030V1.10, All versions up to TEL_MX_ZTE_8030V1.10, All versions up to MyOS11.0.3_9045_TEL All versions up to MyOS11.0.1_8044_CLA_CO, All versions up to NON_EEA_P898F01V1.0.0B25
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T11:10:32.571Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 3.3,
              "baseSeverity": "LOW",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-39074",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-13T20:39:33.354799Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-13T20:39:36.919Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ZTE Blade A52, ZTE Blade A51, ZTE Blade A3 Lite, ZTE Blade A5 2020, ZTE Blade L210, ZTE Blade A7s, ZTE Blade A31, ZTE Blade A31 Plus, ZTE Blade A5 (2019), ZTE Blade A71, ZTE Blade A72, ZTE Blade V20 Smart, ZTE Blade V30, ZTE Blade V30 Vita, ZTE V40 Pro, ZTE Blade V40 Vita, ZTE Axon 40 Ultra",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All versions up to Z6356T_M01, All versions up to Blade A51_M06, All versions up to Blade A30_M08, All versions up to Blade A5 2020-T_M04, All versions up to GEN_MY_L210_V1.13, All versions up to CLA_GT_A7020_V2.1, All versions up to Blade A31_M02, All versions up to P600_M03, All versions up to P650 Pro_M12, All versions up to GEN_EU_EEA_A7030_V2.3, All versions up to MyOS11.0.2_A7039_CLA_CO, All versions up to TEL_MX_ZTE_8010V1.13, All versions up to TEL_MX_ZTE_9030V1.10, All versions up to TEL_MX_ZTE_8030V1.10, All versions up to MyOS11.0.3_9045_TEL All versions up to MyOS11.0.1_8044_CLA_CO, All versions up to NON_EEA_P898F01V1.0.0B25"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unauthorized access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-30T00:00:00.000Z",
        "orgId": "6786b568-6808-4982-b61f-398b0d9679eb",
        "shortName": "zte"
      },
      "references": [
        {
          "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb",
    "assignerShortName": "zte",
    "cveId": "CVE-2022-39074",
    "datePublished": "2023-05-30T00:00:00.000Z",
    "dateReserved": "2022-08-31T00:00:00.000Z",
    "dateUpdated": "2025-01-13T20:39:36.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-39074",
      "date": "2026-04-30",
      "epss": "0.0005",
      "percentile": "0.15398"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zte:blade_a52_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"m02\", \"matchCriteriaId\": \"2DCC936C-DBBD-48AA-9137-F381048965E3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zte:blade_a52:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4375046D-68CA-46E5-969B-1285B69F0B7E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zte:blade_a51_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"m07\", \"matchCriteriaId\": \"A7A6A9E2-8533-430C-97F4-8424C4D73869\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zte:blade_a51:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F04649EA-CA70-464A-9757-F0C6AB4DE702\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zte:blade_a3_lite_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"m09\", \"matchCriteriaId\": \"C9597C54-7308-4B43-AF04-9E6A38022ABE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zte:blade_a3_lite:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E58B690-37E5-4FC7-8E60-43B1E9246E24\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zte:blade_a5_2020_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"m05\", \"matchCriteriaId\": \"30C94446-4764-4FD7-9F67-15E3CD0D0D90\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zte:blade_a5_2020:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AF55F5F-0133-48D7-948B-C17713876B64\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zte:blade_l210_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.14\", \"matchCriteriaId\": \"4A78D396-C7E1-460A-9CD9-228D8A658DA5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zte:blade_l210:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22FCAC68-6802-4F75-B74C-BF1A1027379E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zte:blade_a7s_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.2\", \"matchCriteriaId\": \"1F0C095C-9442-43B6-8387-3FBBC1530834\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zte:blade_a7s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72824985-D247-42FD-830A-E14126BD9564\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zte:blade_a31_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"m03\", \"matchCriteriaId\": \"8A5A6D1A-B7C7-45C4-A804-23EDFF899C46\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zte:blade_a31:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"28D8EE5A-2116-47C8-AB8C-C0E92B05A5CF\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zte:blade_a31_plus_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"m04\", \"matchCriteriaId\": \"7957E560-4710-444C-AE02-6D5B78FE2173\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zte:blade_a31_plus:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16A6D44D-8329-4184-9C96-125B1216A147\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zte:blade_a5_2019_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"m13\", \"matchCriteriaId\": \"8A2FA782-2B80-46C5-AA04-3B295A9F2FA1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zte:blade_a5_2019:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"603B4CB3-4820-4C52-8D7D-B6FA12986D69\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zte:blade_a71_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.4\", \"matchCriteriaId\": \"B0708E04-2747-4454-91A2-E6D4E8653330\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zte:blade_a71:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6A5874F-3ED4-43E9-A74C-46EE10A155FC\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zte:blade_a72_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.0.3\", \"matchCriteriaId\": \"4C68C556-C42D-4576-9D1C-659DCBFA6727\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zte:blade_a72:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"61A5C21C-FF84-4F9D-AEB0-DF65BA7E95CC\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zte:blade_v20_smart_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.14\", \"matchCriteriaId\": \"0C2ABF13-488E-40EB-B38A-3952781584E9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zte:blade_v20_smart:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D4B62DA-8444-4E2B-99EC-1E2C5D461884\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zte:blade_v30_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.11\", \"matchCriteriaId\": \"9D710F4D-160E-4EF7-9E14-DB191AF257DE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zte:blade_v30:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96BA29D9-5F3B-4CED-9BB7-C592B96783E5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zte:blade_v30_vita_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.11\", \"matchCriteriaId\": \"D0889637-EA9E-4246-ABC3-60EAEF5C83F2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zte:blade_v30_vita:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C8CD2AE-1E1A-4A7F-8EB4-2042B5133E1F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zte:v40_pro_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.0.4_9046\", \"matchCriteriaId\": \"F23C14A8-9DC8-4F43-B33C-0CD1DDEF57B6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zte:v40_pro:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF7A3907-B6FE-404F-B88C-7534903D9821\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zte:blade_v40_vita_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.0.2_8045\", \"matchCriteriaId\": \"8198FF61-A3E0-4FB7-A44C-1A933E73F4F2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zte:blade_v40_vita:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2DFDF882-AA8A-4D2D-86C8-F91833E6A1C6\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zte:axon_40_ultra_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.0.0b26\", \"matchCriteriaId\": \"8966DAC9-4EE0-41DE-988E-8D6E5F6A06E1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:zte:axon_40_ultra:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C9F41AC-BCE6-416B-B11F-D86769525F9D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission.\"}]",
      "id": "CVE-2022-39074",
      "lastModified": "2025-01-13T21:15:10.137",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\", \"baseScore\": 3.3, \"baseSeverity\": \"LOW\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 1.4}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\", \"baseScore\": 3.3, \"baseSeverity\": \"LOW\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 1.4}]}",
      "published": "2023-05-30T23:15:09.393",
      "references": "[{\"url\": \"https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664\", \"source\": \"psirt@zte.com.cn\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@zte.com.cn",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-39074\",\"sourceIdentifier\":\"psirt@zte.com.cn\",\"published\":\"2023-05-30T23:15:09.393\",\"lastModified\":\"2025-01-13T21:15:10.137\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:blade_a52_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"m02\",\"matchCriteriaId\":\"2DCC936C-DBBD-48AA-9137-F381048965E3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:blade_a52:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4375046D-68CA-46E5-969B-1285B69F0B7E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:blade_a51_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"m07\",\"matchCriteriaId\":\"A7A6A9E2-8533-430C-97F4-8424C4D73869\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:blade_a51:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F04649EA-CA70-464A-9757-F0C6AB4DE702\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:blade_a3_lite_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"m09\",\"matchCriteriaId\":\"C9597C54-7308-4B43-AF04-9E6A38022ABE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:blade_a3_lite:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E58B690-37E5-4FC7-8E60-43B1E9246E24\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:blade_a5_2020_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"m05\",\"matchCriteriaId\":\"30C94446-4764-4FD7-9F67-15E3CD0D0D90\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:blade_a5_2020:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AF55F5F-0133-48D7-948B-C17713876B64\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:blade_l210_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.14\",\"matchCriteriaId\":\"4A78D396-C7E1-460A-9CD9-228D8A658DA5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:blade_l210:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22FCAC68-6802-4F75-B74C-BF1A1027379E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:blade_a7s_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.2\",\"matchCriteriaId\":\"1F0C095C-9442-43B6-8387-3FBBC1530834\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:blade_a7s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72824985-D247-42FD-830A-E14126BD9564\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:blade_a31_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"m03\",\"matchCriteriaId\":\"8A5A6D1A-B7C7-45C4-A804-23EDFF899C46\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:blade_a31:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28D8EE5A-2116-47C8-AB8C-C0E92B05A5CF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:blade_a31_plus_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"m04\",\"matchCriteriaId\":\"7957E560-4710-444C-AE02-6D5B78FE2173\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:blade_a31_plus:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16A6D44D-8329-4184-9C96-125B1216A147\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:blade_a5_2019_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"m13\",\"matchCriteriaId\":\"8A2FA782-2B80-46C5-AA04-3B295A9F2FA1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:blade_a5_2019:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"603B4CB3-4820-4C52-8D7D-B6FA12986D69\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:blade_a71_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.4\",\"matchCriteriaId\":\"B0708E04-2747-4454-91A2-E6D4E8653330\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:blade_a71:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6A5874F-3ED4-43E9-A74C-46EE10A155FC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:blade_a72_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.0.3\",\"matchCriteriaId\":\"4C68C556-C42D-4576-9D1C-659DCBFA6727\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:blade_a72:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61A5C21C-FF84-4F9D-AEB0-DF65BA7E95CC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:blade_v20_smart_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.14\",\"matchCriteriaId\":\"0C2ABF13-488E-40EB-B38A-3952781584E9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:blade_v20_smart:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D4B62DA-8444-4E2B-99EC-1E2C5D461884\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:blade_v30_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.11\",\"matchCriteriaId\":\"9D710F4D-160E-4EF7-9E14-DB191AF257DE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:blade_v30:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96BA29D9-5F3B-4CED-9BB7-C592B96783E5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:blade_v30_vita_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.11\",\"matchCriteriaId\":\"D0889637-EA9E-4246-ABC3-60EAEF5C83F2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:blade_v30_vita:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C8CD2AE-1E1A-4A7F-8EB4-2042B5133E1F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:v40_pro_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.0.4_9046\",\"matchCriteriaId\":\"F23C14A8-9DC8-4F43-B33C-0CD1DDEF57B6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:v40_pro:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF7A3907-B6FE-404F-B88C-7534903D9821\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:blade_v40_vita_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.0.2_8045\",\"matchCriteriaId\":\"8198FF61-A3E0-4FB7-A44C-1A933E73F4F2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:blade_v40_vita:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DFDF882-AA8A-4D2D-86C8-F91833E6A1C6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zte:axon_40_ultra_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.0b26\",\"matchCriteriaId\":\"8966DAC9-4EE0-41DE-988E-8D6E5F6A06E1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zte:axon_40_ultra:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C9F41AC-BCE6-416B-B11F-D86769525F9D\"}]}]}],\"references\":[{\"url\":\"https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664\",\"source\":\"psirt@zte.com.cn\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T11:10:32.571Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-39074\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-13T20:39:33.354799Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-13T20:39:26.347Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"ZTE Blade A52, ZTE Blade A51, ZTE Blade A3 Lite, ZTE Blade A5 2020, ZTE Blade L210, ZTE Blade A7s, ZTE Blade A31, ZTE Blade A31 Plus, ZTE Blade A5 (2019), ZTE Blade A71, ZTE Blade A72, ZTE Blade V20 Smart, ZTE Blade V30, ZTE Blade V30 Vita, ZTE V40 Pro, ZTE Blade V40 Vita, ZTE Axon 40 Ultra\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions up to Z6356T_M01, All versions up to Blade A51_M06, All versions up to Blade A30_M08, All versions up to Blade A5 2020-T_M04, All versions up to GEN_MY_L210_V1.13, All versions up to CLA_GT_A7020_V2.1, All versions up to Blade A31_M02, All versions up to P600_M03, All versions up to P650 Pro_M12, All versions up to GEN_EU_EEA_A7030_V2.3, All versions up to MyOS11.0.2_A7039_CLA_CO, All versions up to TEL_MX_ZTE_8010V1.13, All versions up to TEL_MX_ZTE_9030V1.10, All versions up to TEL_MX_ZTE_8030V1.10, All versions up to MyOS11.0.3_9045_TEL All versions up to MyOS11.0.1_8044_CLA_CO, All versions up to NON_EEA_P898F01V1.0.0B25\"}]}], \"references\": [{\"url\": \"https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"unauthorized access\"}]}], \"providerMetadata\": {\"orgId\": \"6786b568-6808-4982-b61f-398b0d9679eb\", \"shortName\": \"zte\", \"dateUpdated\": \"2023-05-30T00:00:00\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-39074\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-13T20:39:36.919Z\", \"dateReserved\": \"2022-08-31T00:00:00\", \"assignerOrgId\": \"6786b568-6808-4982-b61f-398b0d9679eb\", \"datePublished\": \"2023-05-30T00:00:00\", \"assignerShortName\": \"zte\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.