Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-86323
HistoryNov 24, 2022 - 12:00 a.m.

ZTE ZXA10 C3XX Access Control Error Vulnerability

2022-11-2400:00:00
China National Vulnerability Database
www.cnvd.org.cn
12

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The ZTE ZXA10 C3XX is a series of optical access aggregation devices with EPON/GPON functions from ZTE Corporation (ZTE) in China.The ZTE ZXA10 C3XX 2.1.0 and later, and versions prior to 2.1.0xgp002.4 are vulnerable to an access control error, which originates from improper access control settings, and an attacker can use the vulnerability to log into the device and perform any operation.

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Related for CNVD-2022-86323