Improper Access Control and Path Traversal Vulnerabilities in ZXR10 Next-Generation Access Router

Original release date: 10 August 2017

Update date: 8 September 2022

 

CVE IDs

CVE-2017-10930

CVE-2017-10931

 

CVSS 3.0 Base Score

CVE-2017-10930:

9.8 Critical (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVE-2017-10931:

7.5 High (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

 

Affected Product

ZXR10 1800-2S, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160

 

Affected Versions

All versions prior to v3.00.40

 

Description

Improper Access Control:

ZXR10 1800-2S, ZXR10 2800-4, ZXR10 3800-8 and ZXR10 160 do not correctly restrict access to the configuration download resource. An ordinary (non-administrator) user can download the device configuration file, which contains sensitive data such as administrator account names and passwords.

Path Traversal:

ZXR10 1800-2S, ZXR10 2800-4, ZXR10 3800-8 and ZXR10 160 do not restrict the directory from which WEB users may download files. A WEB user can therefore download arbitrary files from the device, leaking information such as the system configuration.
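The two defects described above, a download handler that joins a client-supplied file name onto a base directory without checking for traversal, and a configuration download that is not restricted to administrators, are illustrated below with a hardened resolver alongside a naive one. This is an added example written for this page, not ZTE's firmware code; the download root, the configuration file name and the role names are assumptions, and no real file system access takes place.

```python
"""Hypothetical web file-download authorization for a router management UI.

Added example, not ZTE's code. Shows the naive "before" behaviour (path
traversal plus missing access control) next to a hardened resolver.
DOWNLOAD_ROOT, CONFIG_FILES and ADMIN_ROLES are assumed values.
"""
import posixpath
from urllib.parse import unquote

DOWNLOAD_ROOT = "/var/www/download"      # assumption: directory WEB users may fetch from
CONFIG_FILES = {"running-config.cfg"}     # assumption: name of the device configuration file
ADMIN_ROLES = {"admin"}                   # assumption: role allowed to read the configuration


def vulnerable_resolve(requested: str) -> str:
    """Naive join of root and client-supplied name (the defective pattern).

    posixpath.join discards the root when the name is absolute, and '..'
    components are never rejected, so any file on the device is reachable.
    No role check is applied at all.
    """
    return posixpath.normpath(posixpath.join(DOWNLOAD_ROOT, unquote(requested)))


def hardened_resolve(role: str, requested: str) -> tuple[bool, str]:
    """Return (allowed, resolved_path_or_reason) for a download request.

    1. Decode the name once, then reject empty names, NUL bytes, absolute
       paths and any '..' path component (checked per component, not by
       substring, so 'a..b' stays a legal file name).
    2. Normalise and re-check that the result is still under DOWNLOAD_ROOT
       (defence in depth; step 1 should already guarantee this).
    3. Apply access control: configuration files carry administrator
       credentials, so only ADMIN_ROLES may download them.
    """
    name = unquote(requested)
    if not name or "\x00" in name or name.startswith("/"):
        return False, "rejected: empty, NUL or absolute path"
    if any(part == ".." for part in name.split("/")):
        return False, "rejected: traversal component"
    target = posixpath.normpath(posixpath.join(DOWNLOAD_ROOT, name))
    if not target.startswith(DOWNLOAD_ROOT + "/"):
        return False, "rejected: outside download root"
    if posixpath.basename(target) in CONFIG_FILES and role not in ADMIN_ROLES:
        return False, "forbidden: configuration download requires admin"
    return True, target


if __name__ == "__main__":
    # Constructed sample requests, as a WEB user might send them.
    for req in ("logs/syslog.txt", "../../../etc/passwd",
                "%2e%2e/%2e%2e/%2e%2e/etc/passwd", "/etc/passwd",
                "running-config.cfg"):
        print(f"{req!r:40} naive -> {vulnerable_resolve(req)}")
        print(f"{'':40} user  -> {hardened_resolve('user', req)}")
        print(f"{'':40} admin -> {hardened_resolve('admin', req)}")
```

The per-component `..` check runs after a single percent-decode, so an encoded `%2e%2e` is caught, while a double-encoded `%252e%252e` decodes to the literal component `%2e%2e`, which the file system treats as an ordinary name and which stays inside the root. The final `startswith` check is kept even though the earlier checks make it redundant; it is cheap and protects against a later edit that loosens step 1.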

 

Workaround

The primary configuration interface of ZXR10 1800-2S, ZXR10 2800-4, ZXR10 3800-8 and ZXR10 160 is the CLI; WEB-based configuration is a supplementary method. To minimize the impact of these issues until the device is upgraded, users are advised to disable the WEB service and configure the device through the CLI.

 

Resolution

Users should upgrade to v3.00.40 or a later version.

 

Credit

Thanks to Netfairy of Kuangn Network for reporting the security issues to ZTE PSIRT.

 

References

CVE-2015-7250 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7250)

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1006863

 

Update Records

10 August 2017, initial.

25 September 2017, CVE IDs assigned.

8 September 2022, Updated affected product.

 

ZTE PSIRT

If you need to provide feedback or report security vulnerabilities related to ZTE products, or to obtain ZTE product security incident response services and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.
