History: Jun 20, 2024 - 6:20 a.m.

CVE-2023-25646 Permission and Access Control Vulnerability in ZTE H388X

2024-06-20 06:20:44
CWE-281
zte
www.cve.org
Tags: cve-2023-25646, permission control, access control, zte h388x, vulnerability, elevated permissions, brute-force serial port cracking

CVSS3: 7.1 High

Attack Vector: PHYSICAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS: 0.0004 Low
Percentile: 9.1%

There is an unauthorized access vulnerability in ZTE H388X. If the H388X serial port is cracked by brute force, attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific operations.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "ZXHN H388X",
    "vendor": "ZTE",
    "versions": [
      {
        "status": "affected",
        "version": "V10.1: AGZHM_1.3.1",
        "versionType": "custom"
      }
    ]
  }
]
