Access Control Vulnerability in Some ZTE PON OLT Products

Initial Release Date: November 21, 2022

 

Vulnerability ID

CVE ID: CVE-2022-39070

CNNVD ID: CNNVD-2022-98751116

 

CVSS 3.1 Base Score

9.0 Critical (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

 

Description

There is an access control vulnerability in ZTE PON OLT products. Due to improper access control settings, a remote attacker could exploit the vulnerability to log in to the device and perform any operation.

 

Affected Products and Fixes

Product Name | Affected Version | Resolved Version
ZXA10 C3XX | All versions up to V2.1.0 XGP002.3 | V2.1.0XGP002.4

 

Acknowledgement

ZTE thanks Alexandre Souleau, Mathis Cariou and Liang Thong for paying attention to our products and cooperating with us to disclose vulnerabilities.

 

Update Records

November 21, 2022, initial.

 

Version Update Method

Please contact ZTE Global Customer Support Center to obtain the upgraded version.

 

Global Customer Support Center

http://support.zte.com.cn/support/web/Contact.aspx?_langType=en

 

ZTE PSIRT

https://www.zte.com.cn/global/cybersecurity/ztepsirt.html
