Initial Release Date: November 21 2022 Vulnerability ID CVE ID: CVE-2022-39070 CNNVD ID: CNNVD-2022-98751116 CVSS 3.1 Base Score 9.0 Critical (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) Description There is an access control vulnerability in ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation. Affected Products and Fixes Product Name | Affected Version | Resolved Version | ZXA10 C3XX | All versions up to V2.1.0 XGP002.3 | V2.1.0XGP002.4 |
Acknowledgement ZTE thanks Alexandre Souleau, Mathis Cariou and Liang Thong for paying attention to our products and cooperating with us to disclose vulnerabilities. Update Records November 21, 2022, initial. Version Update Method Please contact ZTE Global Customer Support Center to obtain the upgraded version. Global Customer Support Center http://support.zte.com.cn/support/web/Contact.aspx?_langType=en ZTE PSIRT https://www.zte.com.cn/global/cybersecurity/ztepsirt.html
|