|
Original release date: June 9, 2022 CVE ID CVE-2022-23138 CVSS 3.1 Base Score 5.7 Medium(AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L) Description ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack. Affected Products and Fixes Product Name | Affected Version | Resolved Version | MF297D | MF297D_Nordic1_B05 | MF297D_Nordic1_B06 |
Acknowledgement ZTE thanks Daniel Wong for paying attention to our products and cooperating with us to disclose vulnerability. Update Records June 9, 2022, initial. Version Update Method A device that supports automatic update can receive a pop-up update message. You can upgrade the device accordingly. If no update message is received, contact your service provider to obtain the update information. Global Customer Support Center http://support.zte.com.cn/support/web/Contact.aspx?_langType=en ZTE PSIRT https://www.zte.com.cn/global/cybersecurity/ztepsirt.html
|