|
Original Release Date: August 08 2024 Vulnerability ID CVE ID: CVE-2024-22069 CNNVD ID: CNNVD-2024-30545613 CVSS 3.1 Base Score 7.1 HGIH (AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L) Description There is a permission and access control vulnerability of ZTE's ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords. Affected Products and Fixes Product Name | Affected Version | Resolved Version | ZXV10 ET301 | All versions up to V3.22.11P3 | V3.22.11P3 | ZXV10 XT802 | All versions up to V2.24.10P1 | V2.24.10P1 |
Source The vulnerability was found by external researcher. Acknowledgement ZTE thanks CNVD for paying attention to our products and cooperating with us to disclose vulnerability. Update Records August 08 2024, initial. Version Update Method Please contact ZTE Global Customer Support Center to obtain the upgraded version. Global Customer Support Center http://support.zte.com.cn/support/web/Contact.aspx?_langType=en ZTE PSIRT https://www.zte.com.cn/global/cybersecurity/ztepsirt.html
|