|
Original release date: 7 December 2018
Update date: 10 December 2018
CVE ID
CVE-2018-7364
CVSS 3.0 Base Score
8.3 High (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
Description
All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges.
Affected Products and Fixes
|
Product Name |
Affected Version |
Resolved Version |
|
ZXIN10-European region |
All versions up to ZXINOS-RESV1.01.43 |
ZXINOS-RESV1.01.44 |
Credit
Thanks to security researcher Guillaume TEISSIER at Orange Cert for reporting the security vulnerability to ZTE PSIRT.
Update Records
7 December 2018, initial.
10 December 2018, CVE ID and CVSS 3.0 Base Score updated.
Supporting team contacts
1. ZTE GCSC hotline:
0755-26770800
800-830-1118
400-830-1118
2. Product forum at ZTE Support website.
ZTE PSIRT
If you need to feedback or report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.
|