CVE-2022-39074

2023-05-3000:00:00

zte

www.cve.org

zte mobile phones

unauthorized access

vulnerability

non-public interface

malicious application

4.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.6%

JSON

There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "ZTE Blade A52, ZTE Blade A51, ZTE Blade A3 Lite, ZTE Blade A5 2020, ZTE Blade L210, ZTE Blade A7s, ZTE Blade A31, ZTE Blade A31 Plus, ZTE Blade A5 (2019), ZTE Blade A71, ZTE Blade A72, ZTE Blade V20 Smart, ZTE Blade V30, ZTE Blade V30 Vita, ZTE V40 Pro, ZTE Blade V40 Vita, ZTE Axon 40 Ultra",
    "versions": [
      {
        "version": "All versions up to Z6356T_M01, All versions up to Blade A51_M06, All versions up to Blade A30_M08, All versions up to Blade A5 2020-T_M04, All versions up to GEN_MY_L210_V1.13, All versions up to CLA_GT_A7020_V2.1, All versions up to Blade A31_M02, All versions up to P600_M03, All versions up to P650 Pro_M12, All versions up to GEN_EU_EEA_A7030_V2.3, All versions up to MyOS11.0.2_A7039_CLA_CO, All versions up to TEL_MX_ZTE_8010V1.13, All versions up to TEL_MX_ZTE_9030V1.10, All versions up to TEL_MX_ZTE_8030V1.10, All versions up to MyOS11.0.3_9045_TEL All versions up to MyOS11.0.1_8044_CLA_CO, All versions up to NON_EEA_P898F01V1.0.0B25",
        "status": "affected"
      }
    ]
  }
]

References

support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664