|
Original release date: 19 December 2018
Update date: 21 December 2018
CVE ID
CVE-2018-7365
CVSS 3.0 Base Score
5.1 Medium (AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L)
Description
All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations.
Affected Products and Fixing Plan
|
Product Name |
Affected Version |
Resolved Version |
|
uSmartView |
All versions up to ZXCLOUD iRAI V5.01.05 |
ZXCLOUD iRAI V5.01.06 |
Credit
Thanks to China National Vulnerability Database (CNVD) for reporting the security vulnerabilities to ZTE PSIRT.
References
http://www.cnvd.org.cn/flaw/show/CNVD-2017-26288
Update Records
19 December 2018, initial.
21 December 2018, CVE ID and CVSS 3.0 Base Score updated.
Supporting team contacts
1. ZTE GCSC hotline:
0755-26770800
800-830-1118
400-830-1118
2. Product forum at ZTE Support website.
ZTE PSIRT
If you need to feedback or report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.
|