Cryptographic Issues Vulnerability in ZTE MF297D

Original release date:  June 9, 2022

 

CVE ID

CVE-2022-23138

 

CVSS 3.1 Base Score 

5.7 MediumAV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

 

Description 

ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack.

 

Affected Products and Fixes

Product Name

Affected Version

Resolved Version

MF297D

MF297D_Nordic1_B05

MF297D_Nordic1_B06

 

Acknowledgement

ZTE thanks Daniel Wong for paying attention to our products and cooperating with us to disclose vulnerability.

 

Update Records

June 9, 2022, initial.

 

Version Update Method

A device that supports automatic update can receive a pop-up update message. You can upgrade the device accordingly. If no update message is received, contact your service provider to obtain the update information.

 

Global Customer Support Center

http://support.zte.com.cn/support/web/Contact.aspx?_langType=en

 

ZTE PSIRT

https://www.zte.com.cn/global/cybersecurity/ztepsirt.html