|
Original release date: September 19, 2022 CVE ID: CVE-2022-23144 CNNVD ID: CNNVD-2022-17282692 CVSS 3.1 Base Score 3.8 Low (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L) Description There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system. Affected Products and Fixes Product Name | Affected Version | Resolved Version | ZXvSTB | All versions up to ZXvSTB-CAMSV2.01.02.01 | ZXvSTB-CAMSV2.01.02.01P1 |
Source The vulnerability was found by ZTE's internal test. Update Records September 19, 2022, initial. Version Update Method Please contact ZTE Global Customer Support Center to obtain the upgraded version. Global Customer Support Center http://support.zte.com.cn/support/web/Contact.aspx?_langType=en ZTE PSIRT https://www.zte.com.cn/global/cybersecurity/ztepsirt.html
|