Authentication flaw

2018-12-2816:29:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.0%

JSON

ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an authentication bypass vulnerability, which may allows an unauthorized user to perform unauthorized operations.

CPENameOperatorVersion
zxv10_b860av2.1_chinamobile_firmwareeq< icnt-v1.3.3
zxv10_b860av2.1_chinamobile_firmwareeq< bestv-v1.2.2
zxv10_b860av2.1_chinamobile_firmwareeq< wasu-v1.1.7
zxv10_b860av2.1_chinamobile_firmwareeq< mgtv-v1.4.6

Name	Operator	Version
zxv10_b860av2.1_chinamobile_firmware	eq	< icnt-v1.3.3
zxv10_b860av2.1_chinamobile_firmware	eq	< bestv-v1.2.2
zxv10_b860av2.1_chinamobile_firmware	eq	< wasu-v1.1.7
zxv10_b860av2.1_chinamobile_firmware	eq	< mgtv-v1.4.6

References

support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010023