|
Original Release Date: June 19 2024 Vulnerability ID CVE ID: CVE-2023-25646 CNNVD ID: CNNVD-2024-88974696 CVSS 3.1 Base Score 7.1 High(AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) Description There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking,attackers with common user permission can use this vulnerability to obtain elevated permission on the affected device by performing specific operations. Affected Products and Fixes Product Name | Affected Version | Resolved Version | ZXHN H388X | H388X V10.1: AGZHM_1.3.1 | H388X V10.1: AGZHM_1.4.0 |
Acknowledgement ZTE thanks security researchers Filippo Pitzalis (Abissi SRL) for paying attention to our products and cooperating with us to disclose vulnerability. Update Records June 19 2024, initial. Version Update Method Please contact ZTE Global Customer Support Center to obtain the upgraded version. Global Customer Support Center http://support.zte.com.cn/support/web/Contact.aspx?_langType=en ZTE PSIRT https://www.zte.com.cn/global/cybersecurity/ztepsirt.html
|