Permissions and Access Control Vulnerability in ZTE H388X

Original Release Date: June 19 2024



Vulnerability ID

CVE ID: CVE-2023-25646             CNNVD ID: CNNVD-2024-88974696 


CVSS 3.1 Base Score

7.1 HighAV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H



There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking,attackers with common user permission can use this vulnerability to obtain elevated permission on the affected device by performing specific operations.


Affected Products and Fixes

Product Name

Affected Version

Resolved Version


H388X V10.1: AGZHM_1.3.1

H388X V10.1: AGZHM_1.4.0




ZTE thanks security researchers Filippo Pitzalis (Abissi SRL) for paying attention to our products and cooperating with us to disclose vulnerability.


Update Records

June 19 2024, initial.


 Version Update Method

Please contact ZTE Global Customer Support Center to obtain the upgraded version.


Global Customer Support Center