Lucene search

[email protected]CVE-2012-2949

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-2949

2022-10-0316:15:36

CWE-264

[email protected]

web.nvd.nist.gov

zte

sync_agent

android

2.3.4

hardcoded password

vulnerability

remote attackers

privileges

crafted application

cve-2012-2949

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.4%

JSON

The ZTE sync_agent program for Android 2.3.4 on the Score M device uses a hardcoded ztex1609523 password to control access to commands, which allows remote attackers to gain privileges via a crafted application.

Affected configurations

NVD

Node

googleandroidMatch2.3.4

AND

ztescore_mMatch-

CPENameOperatorVersion
zte:score_mzte score meq-

CPE	Name	Operator	Version
zte:score_m	zte score m	eq	-

References

blog.mylookout.com/blog/2012/05/21/zte-security-vulnerability

www.pcmag.com/article2/0%2C2817%2C2404639%2C00.asp

www.reuters.com/article/2012/05/18/us-zte-phone-idUSBRE84H08J20120518

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.4%

JSON

Related for CVE-2012-2949

cvelist1 nvd1 prion1