|
Initial release date: 31 October,2019 CVE ID CVE-2019-3425 CVE-2019-3426 CVSS 3.0 Base Score CVE-2019-3425: 6.3 Medium (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) CVE-2019-3426: 5.9 Medium (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N) Description CVE-2019-3425: The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by vulnerability of permission and access control. An attacker could exploit this vulnerability to directly reset or change passwords of other accounts. CVE-2019-3426: The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operations. Affected Products and Fixes 产品名称 | 受影响版本号 | 修复版本号 | ZXUPN-9000E | All versions up to 9000EV5.0R1B12 | 9000EV5.0R3B1 |
Source The vulnerabilities were found by ZTE internal testing. Update Records Initial release, 31 October, 2019 Contact Our Supporting Team 1. ZTE GCSC hotline: 0755-26770800 800-830-1118 400-830-1118 2. Product Forum on ZTE Support website. ZTE PSIRT If you need to report security vulnerabilities related to ZTE products, or get ZTE product security incident response service and vulnerability information, please contact ZTE PSIRT: psirt@zte.com.cn. PGP key ID: FF095577.
|