Описание
There is a permission and access control vulnerability of ZTE's ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до v3.22.11p3 (исключая)
Одновременно
cpe:2.3:o:zte:zxv10_et301_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxv10_et301:*:*:*:*:*:*:*:*
Конфигурация 2Версия до v2.24.10p1 (исключая)
Одновременно
cpe:2.3:o:zte:zxv10_xt802_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxv10_xt802:*:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.00133
Низкий
7.1 High
CVSS3
8.8 High
CVSS3
Дефекты
CWE-269
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 7.1
github
больше 1 года назад
There is a permission and access control vulnerability of ZTE's ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords.
EPSS
Процентиль: 33%
0.00133
Низкий
7.1 High
CVSS3
8.8 High
CVSS3
Дефекты
CWE-269
NVD-CWE-noinfo