|
Original release date: 30 May 2019 CVE ID CVE-2019-3411 CVE-2019-3412 CVSS 3.0 Base Score CVE-2019-3411 8.1 High(AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) CVE-2019-3412 9.8 Critical(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) Description CVE-2019-3411: All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. Due to some interfaces can obtain the WebUI login password without login, an attacker can exploit the vulnerability to obtain sensitive information about the affected components. CVE-2019-3412: All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution vulnerability.Due to some interfaces do not adequately verify parameters, an attacker can execute arbitrary commands through specific interfaces. Affected Products and Fixes Product Name | Affected Version | Resolved Version | ZTE MF920 | All versions up to BD_R218V2.4 | BD_R218V3.0 |
Credit ZTE thanks Takeshi Shiomitsu for submitting 2 vulnerabilities of ZTE MF920 to ZTE PSIRT. Update Records 30 May 2019, initial. Supporting team contacts 1. ZTE GCSC hotline: 0755-26770800 800-830-1118 400-830-1118 2. Product forum at ZTE Support website. ZTE PSIRT If you need to feedback or report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.
|