CVE-2018-7364

Опубликовано: 07 дек. 2018

Источник: nvd

CVSS3: 8.3

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges.

Ссылки

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943
Vendor Advisory
https://github.com/orangecertcc/security-research/security/advisories/GHSA-34f2-7h57-rg7p
Exploit
Third Party Advisory
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943
Vendor Advisory
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943
Vendor Advisory
https://github.com/orangecertcc/security-research/security/advisories/GHSA-34f2-7h57-rg7p
Exploit
Third Party Advisory
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zte:zxin10:*:*:*:*:*:*:*:*

Версия до resv1.01.44 (исключая)

EPSS

Процентиль: 89%

0.04801

Низкий

8.3 High

CVSS3

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-284

NVD-CWE-Other

Связанные уязвимости

GHSA-m37h-p77w-f6f7

CVSS3: 9.8

github

больше 3 лет назад

EPSS

Процентиль: 89%

0.04801

Низкий

8.3 High

CVSS3

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-284

NVD-CWE-Other