Lucene search

[email protected]CVE-2022-39071

HistoryMay 30, 2023 - 11:15 p.m.

CVE-2022-39071

2023-05-3023:15:09

[email protected]

web.nvd.nist.gov

cve-2022-39071

unauthorized access

vulnerability

zte

mobile phones

malicious application

system files

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission.

Affected configurations

NVD

Node

zteblade_a52_firmwareRange<m02

AND

zteblade_a52Match-

Node

zteblade_a51_firmwareRange<m07

AND

zteblade_a51Match-

Node

zteblade_a3_lite_firmwareRange<m09

AND

zteblade_a3_liteMatch-

Node

zteblade_a5_2020Match-

AND

zteblade_a5_2020_firmwareRange<m05

Node

zteblade_l210Match-

AND

zteblade_l210_firmwareRange<1.14

Node

zteblade_a7s_firmwareRange<2.2

AND

zteblade_a7sMatch-

Node

zteblade_a31_firmwareRange<m03

AND

zteblade_a31Match-

Node

zteblade_a31_plus_firmwareRange<m04

AND

zteblade_a31_plusMatch-

Node

zteblade_a5_2019_firmwareRange<m13

AND

zteblade_a5_2019Match-

Node

zteblade_a71_firmwareRange<2.4

AND

zteblade_a71Match-

Node

zteblade_a72_firmwareRange<11.0.3

AND

zteblade_a72Match-

Node

zteblade_v20_smartMatch-

AND

zteblade_v20_smart_firmwareRange<1.14

Node

zteblade_v30Match-

AND

zteblade_v30_firmwareRange<1.11

Node

zteblade_v30_vitaMatch-

AND

zteblade_v30_vita_firmwareRange<1.11

Node

ztev40_proMatch-

AND

ztev40_pro_firmwareRange<11.0.4_9046

Node

zteblade_v40_vitaMatch-

AND

zteblade_v40_vita_firmwareRange<11.0.2_8045

Node

zteaxon_40_ultraMatch-

AND

zteaxon_40_ultra_firmwareRange<1.0.0b26

CPENameOperatorVersion
zte:blade_a52_firmwarezte blade a52 firmwareltm02

CPE	Name	Operator	Version
zte:blade_a52_firmware	zte blade a52 firmware	lt	m02

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "ZTE Blade A52, ZTE Blade A51, ZTE Blade A3 Lite, ZTE Blade A5 2020, ZTE Blade L210, ZTE Blade A7s, ZTE Blade A31, ZTE Blade A31 Plus, ZTE Blade A5 (2019), ZTE Blade A71, ZTE Blade A72, ZTE Blade V20 Smart, ZTE Blade V30, ZTE Blade V30 Vita, ZTE V40 Pro, ZTE Blade V40 Vita, ZTE Axon 40 Ultra",
    "versions": [
      {
        "version": "All versions up to Z6356T_M01, All versions up to Blade A51_M06, All versions up to Blade A30_M08, All versions up to Blade A5 2020-T_M04, All versions up to GEN_MY_L210_V1.13, All versions up to CLA_GT_A7020_V2.1, All versions up to Blade A31_M02, All versions up to P600_M03, All versions up to P650 Pro_M12, All versions up to GEN_EU_EEA_A7030_V2.3, All versions up to MyOS11.0.2_A7039_CLA_CO, All versions up to TEL_MX_ZTE_8010V1.13, All versions up to TEL_MX_ZTE_9030V1.10, All versions up to TEL_MX_ZTE_8030V1.10, All versions up to MyOS11.0.3_9045_TEL All versions up to MyOS11.0.1_8044_CLA_CO, All versions up to NON_EEA_P898F01V1.0.0B25",
        "status": "affected"
      }
    ]
  }
]

References

support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

Related for CVE-2022-39071

prion1 cvelist1 nvd1