|
Original release date: 26 December 2018
Update date: 29 December 2018
CVE ID
CVE-2018-7366
CVSS 3.0 Base Score
4.3 Medium (AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Description
ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an authentication bypass vulnerability, which may allows an unauthorized user to perform unauthorized operations.
Affected Products and Fixes
|
Product Name |
Affected Version |
Resolved Version |
|
ZXV10 B860AV2.1_ChinaMobile |
All versions up to ICNT_V1.3.3 |
ICNTV_V1.3.20 |
|
All versions up to BESTV_V1.2.2 |
BESTV_V1.2.9 |
|
All versions up to WASU_V1.1.7 |
WASU_V1.1.10 |
|
All versions up to MGTV_V1.4.6 |
MGTV_V1.4.7 |
Credit
Thanks to China National Vulnerability Database (CNVD) for reporting the security vulnerabilities to ZTE PSIRT.
References
http://www.cnvd.org.cn/flaw/show/CNVD-2018-06127
Update Records
26 December 2018, initial.
29 December 2018, CVE ID and CVSS 3.0 Base Score updated.
Supporting team contacts
1. ZTE GCSC hotline:
0755-26770800
800-830-1118
400-830-1118
2. Product forum at ZTE Support website.
ZTE PSIRT
If you need to feedback or report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.
|