Path Traversal Vulnerability in ZTE MW Product

Original release date:   2019-07-10

 

CVE ID

 CVE-2019-3415

 

CVSS 3.0 Base Score

 6.8 MediumAV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

 

Description

 Versions with NR8000V2.4.4.03 and NR8000V2.4.4.04 of ZTE MW product are impacted by path traversal vulnerability.Due to path traversal,users can download any files.

 

Affected Products and Fixes

Product Name

Affected Version

Resolved Version

ZXMW NR8000

V2.4.4.04

V2.4.4.03

V2.4.4.05

 

Update Records

2019-07-10, initial.

 

Supporting team contacts

1. ZTE GCSC hotline:

0755-26770800

800-830-1118

400-830-1118

2. Product forum at ZTE Support website.

 

ZTE PSIRT

If you need to feedback or report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn, PGP key ID: FF095577.

[Close]