Improper Access Control and Path Traversal Vulnerabilities in ZXR10 Next-Generation Access Router

Original release date: 10 August 2017

Update date: 8 September 2022






CVSS 3.0 Base Score


9.8 Critical (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)


7.5 High (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)


Affected Product

ZXR10 1800-2S, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160


Affected Versions

All versions prior to v3.00.40



Improper Access Control:

ZXR10 1800-2S, ZXR10 2800-4, ZXR10 3800-8 and ZXR10 160 do not correctly restrict access to a resource from an unauthorized actor. As a result, ordinary users can download configuration files and steal information such as administrator accounts and passwords.

Path Traversal:

ZXR10 1800-2S, ZXR10 2800-4, ZXR10 3800-8 and ZXR10 1600 do not correctly restrict the range of directories from which WEB users can download files. As a result, WEB users can download arbitrary files, causing information leaks such as system configuration.
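Both issues above come down to what a web download handler checks before it serves a file. The following is an added example, not ZTE code and not taken from this advisory: it canonicalises the requested path, confines it to the download directory, and applies the role check to the canonical path. The function name, the role names and the `cfg` directory are assumptions made for illustration.

```python
import os
import tempfile


class DownloadDenied(Exception):
    """Raised when a web download request must be refused."""


def resolve_download(root, requested, role, admin_only=("cfg",)):
    """Return the canonical path to serve, or raise DownloadDenied.

    root       -- directory web users may download from
    requested  -- file name from the HTTP request (untrusted)
    role       -- "admin" or "user" (hypothetical role names)
    admin_only -- top-level subdirectories reserved for admins (constructed)
    """
    root_real = os.path.realpath(root)
    # Canonicalise after joining so "..", absolute paths and symlinks
    # are resolved before any decision is made.
    target = os.path.realpath(os.path.join(root_real, requested))

    # Path traversal check: the canonical target must stay under root.
    if os.path.commonpath([root_real, target]) != root_real:
        raise DownloadDenied("outside download directory")

    # Access control check, applied to the canonical path so that
    # "log/../cfg/x" is treated as "cfg/x".
    top = os.path.relpath(target, root_real).split(os.sep)[0]
    if top in admin_only and role != "admin":
        raise DownloadDenied("administrator role required")

    if not os.path.isfile(target):
        raise DownloadDenied("no such file")
    return target


if __name__ == "__main__":
    # Constructed directory tree for demonstration.
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "web")
        os.makedirs(os.path.join(root, "cfg"))
        with open(os.path.join(root, "cfg", "startup.cfg"), "w") as f:
            f.write("constructed sample\n")
        for name, role in [("cfg/startup.cfg", "admin"), ("cfg/startup.cfg", "user"),
                           ("../outside.txt", "admin")]:
            try:
                print(role, name, "->", resolve_download(root, name, role))
            except DownloadDenied as exc:
                print(role, name, "-> denied:", exc)
```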



ZXR10 1800-2S, ZXR10 2800-4, ZXR10 3800-8 and ZXR10 160 are mainly configured through the CLI; WEB-based configuration is a supplementary method. To minimize the impact of these security issues, users are advised to close the WEB service and use the CLI to configure the device.



Users may upgrade or change to new versions after v3.00.40.



Thanks to Netfairy of Kuangn Network for reporting the security issues to ZTE PSIRT.



CVE-2015-7250 (


Update Records

10 August 2017, initial.

25 September 2017, CVE ID assigned.

8 September 2022, Updated affected product.



If you need to give feedback on or report security vulnerabilities related to ZTE products, or to obtain ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT:, PGP key ID: FF095577.