Original release date: 22 November 2017
CVE ID
CVE-2017-10935
CVSS 3.0 Base Score
7.2 High (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Affected Product
ZXR10 1800-2S
Affected Versions
All versions prior to ZSRV2 V3.00.40
Description
All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products allow remote authenticated users to bypass the original password authentication protection and change other users' passwords.
Resolution
Add a strict authentication function on the server side.
Credit
Thanks to Cheng Mingjiang for reporting the security issues to ZTE PSIRT.
References
None.
Update Records
22 November 2017, initial.
ZTE PSIRT
To give feedback on or report security vulnerabilities related to ZTE products, or to obtain ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.