Lucene search

[email protected]NVD:CVE-2017-10931

HistorySep 19, 2017 - 2:29 p.m.

CVE-2017-10931

2017-09-1914:29:00

CWE-22

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

56.6%

JSON

The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration.

Affected configurations

Nvd

Node

ztezxr10_1800-2s_firmwareRange≤-

AND

ztezxr10_1800-2sMatch-

VendorProductVersionCPE
ztezxr10_1800-2s_firmware*cpe:2.3:o:zte:zxr10_1800-2s_firmware:*:*:*:*:*:*:*:*
ztezxr10_1800-2s-cpe:2.3:h:zte:zxr10_1800-2s:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zte	zxr10_1800-2s_firmware	*	cpe:2.3:o:zte:zxr10_1800-2s_firmware::::::::
zte	zxr10_1800-2s	-	cpe:2.3:h:zte:zxr10_1800-2s:-:::::::*

References

support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008262

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

56.6%

JSON

Related for NVD:CVE-2017-10931

prion1 cvelist1 openvas1 seebug1 cve1