Improper Authorization Vulnerabilities in ZTE ZXHN H168N Product

Original release date: 17 September 2018

Update date: 15 November 2018

 

CVE ID

CVE-2018-7357

CVE-2018-7358

 

CVSS 3.0 Base Score

CVE-2018-7357: 6.5 Medium (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVE-2018-7358: 6.5 Medium (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

 

Description

CVE-2018-7357

ZTE ZXHN H168N product versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access.

CVE-2018-7358

ZTE ZXHN H168N product versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations.

 

Affected Products and Fixes

Product Name: ZXHN H168N v2.2

Affected Version: V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7, V2.2.0_PK11T4

Resolved Version: V2.2.0_PK1.2T6

 

Credit

Thanks to security researcher Usman Saeed for reporting the security vulnerabilities to ZTE PSIRT.

 

Update Records

17 September 2018, initial.

13 November 2018, Description, Affected Products and Fixes updated.

15 November 2018, CVE ID and CVSS 3.0 Base Score updated.

 

ZTE PSIRT

To give feedback on or report security vulnerabilities related to ZTE products, or to obtain ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.
