Lucene search

ZteCVELIST:CVE-2024-22069

HistoryAug 08, 2024 - 7:54 a.m.

CVE-2024-22069 Permission and Access Control Vulnerability in ZXV10 XT802/ET301

2024-08-0807:54:50

CWE-269

zte

www.cve.org

cve-2024-22069 zte zv10 xt802/et301 terminal web password

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L

EPSS

0.001

Percentile

20.0%

JSON

There is a permission and access control vulnerability of ZTE’s ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "ZXV10 XT802",
    "vendor": "ZTE",
    "versions": [
      {
        "lessThan": "V2.24.10P1",
        "status": "affected",
        "version": "All versions up to V2.24.10P1",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "ZXV10 ET301",
    "vendor": "ZTE",
    "versions": [
      {
        "lessThan": "V3.22.11P3",
        "status": "affected",
        "version": "All versions up to V3.22.11P3",
        "versionType": "custom"
      }
    ]
  }
]

References

support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1036424

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L

EPSS

0.001

Percentile

20.0%

JSON

Related for CVELIST:CVE-2024-22069