Lucene search

[email protected]CVE-2022-23144

HistorySep 23, 2022 - 3:15 p.m.

CVE-2022-23144

2022-09-2315:15:12

[email protected]

web.nvd.nist.gov

cve-2022-23144

zte

zxvstb

broken access control

vulnerability

permission control

system

nvd

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.0%

JSON

There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.

Affected configurations

NVD

Node

ztezxa10_b76hv3_firmwareRange≤2.01.02.01

AND

ztezxa10_b76hv3Match-

Node

ztezxa10_b766v2_firmwareRange≤2.01.02.01

AND

ztezxa10_b766v2Match-

Node

ztezxa10_b800v2_firmwareRange≤2.01.02.01

AND

ztezxa10_b800v2Match-

Node

ztezxa10_b860av2.1_firmwareRange≤2.01.02.01

AND

ztezxa10_b860av2.1Match-

Node

ztezxa10_b860h_firmwareRange≤2.01.02.01

AND

ztezxa10_b860hMatch-

Node

ztezxa10_b866v2-h_firmwareRange≤2.01.02.01

AND

ztezxa10_b866v2-hMatch-

Node

ztezxa10_b866v5-w10_firmwareRange≤2.01.02.01

AND

ztezxa10_b866v5-w10Match-

Node

ztezxa10_b960gv1_firmwareRange≤2.01.02.01

AND

ztezxa10_b960gv1Match-

Node

ztezxa10_b710c-a12_firmwareRange≤2.01.02.01

AND

ztezxa10_b710c-a12Match-

Node

ztezxa10_b710s2-a19_firmwareRange≤2.01.02.01

AND

ztezxa10_b710s2-a19Match-

Node

ztezxa10_b836ct-a15_firmwareRange≤2.01.02.01

AND

ztezxa10_b836ct-a15Match-

Node

ztezxa10_s100v_firmwareRange≤2.01.02.01

AND

ztezxa10_s100vMatch-

Node

ztezxa10_s200a_firmwareRange≤2.01.02.01

AND

ztezxa10_s200aMatch-

Node

ztezxa10_s200t_firmwareRange≤2.01.02.01

AND

ztezxa10_s200tMatch-

Node

ztezxa10_b700v7_firmwareRange≤2.01.02.01

AND

ztezxa10_b700v7Match-

CPENameOperatorVersion
zte:zxa10_b76hv3_firmwarezte zxa10 b76hv3 firmwarele2.01.02.01

CPE	Name	Operator	Version
zte:zxa10_b76hv3_firmware	zte zxa10 b76hv3 firmware	le	2.01.02.01

CNA Affected

[
  {
    "product": "ZXvSTB",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "All versions up to ZXvSTB-CAMSV2.01.02.01"
      }
    ]
  }
]

References

support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1026224

Social References

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.0%

JSON

Related for CVE-2022-23144

cnvd1 nvd1 prion1 cvelist1