| 
Original release date: 9 October 2017 
Update date: 20 October 2017 
  
CVE ID 
CVE-2017-10933 
  
CVSS 3.0 Base Score 
8.6 HIGH (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N) 
  
Affected Product 
ZXDT22 SF01 
  
Affected Versions 
All versions prior to V2.06.00.00 
  
Description 
All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, a monitoring system for ZTE energy products, are affected by a directory traversal vulnerability that allows remote attackers to read arbitrary files on the system by supplying a full path name after the host address. 
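
For maintainers of comparable embedded web interfaces, the following added example (not ZTE code and not part of the original advisory) shows one way to confine request paths to a document root, so that a full path name after the host address cannot reach files elsewhere on the system. The function name `resolve_under_root`, the directory layout and the sample request targets are assumptions constructed for illustration.

```python
import os
import tempfile
from typing import Optional
from urllib.parse import unquote


def resolve_under_root(docroot: str, request_target: str) -> Optional[str]:
    """Return the real path of a regular file inside docroot, else None."""
    root = os.path.realpath(docroot)
    # Drop query string and fragment, then decode percent-escapes once.
    path = unquote(request_target.split("?", 1)[0].split("#", 1)[0])
    if "\x00" in path or "\\" in path:
        return None  # NUL bytes and backslashes have no place in a served path
    # Strip leading slashes: os.path.join() discards root when the second
    # argument is absolute, which would serve a full path name verbatim.
    candidate = os.path.realpath(os.path.join(root, path.lstrip("/")))
    # realpath() collapsed ".." and followed symlinks; now enforce containment.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate if os.path.isfile(candidate) else None


if __name__ == "__main__":
    # Constructed layout: a web root with one page, plus a file outside it.
    with tempfile.TemporaryDirectory() as base:
        webroot = os.path.join(base, "www")
        os.mkdir(webroot)
        with open(os.path.join(webroot, "index.html"), "w") as fh:
            fh.write("status page")
        outside = os.path.join(base, "config.txt")
        with open(outside, "w") as fh:
            fh.write("not for serving")
        # Constructed request targets: one legitimate, three that must fail.
        for target in ("/index.html", outside, "/../config.txt",
                       "/%2e%2e/config.txt"):
            served = resolve_under_root(webroot, target)
            print(f"{target!r:60} -> {'served' if served else 'rejected'}")
```

Logging every rejected target from such a check also gives operators a direct signal of traversal attempts against the interface.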
  
Resolution 
Users are advised to upgrade or change to a newer version after V2.06.00.00. 
  
Credit 
Thanks to Zhang Jinxin for reporting the security issue to ZTE PSIRT. 
  
References 
CVE-2017-10933 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10933) 
CVE-2017-10931 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10931) 
CVE-2015-7250 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7250) 
CVE-2015-7254 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7254) 
  
Update Records 
9 October 2017, initial. 
20 October 2017, CVE ID assigned. 
  
ZTE PSIRT 
To give feedback on or report security vulnerabilities related to ZTE products, or to obtain ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577. 
                     |