|
Original release date: September 9, 2022 Vulnerability ID CVE ID: CVE-2022-23143 CNNVD ID: CNNVD-202209-488 CVSS 3.1 Base Score 4.7 Medium (AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L) Description ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files. Affected Products and Fixes Product Name | Affected Version | Resolved Version | OTCP | V2.21.40.06RC1 | V2.21.40.06 |
Source The vulnerability was found by ZTE's internal test. Update Records September 9, 2022, initial. Version Update Method Please contact ZTE Global Customer Support Center to obtain the upgraded version. Global Customer Support Center http://support.zte.com.cn/support/web/Contact.aspx?_langType=en ZTE PSIRT https://www.zte.com.cn/global/cybersecurity/ztepsirt.html
|