CVE-2022-23144

There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1026224	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:zte:zxa10_b76hv3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxa10_b76hv3:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:zte:zxa10_b766v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxa10_b766v2:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:zte:zxa10_b800v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxa10_b800v2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:zte:zxa10_b860av2.1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxa10_b860av2.1:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:zte:zxa10_b860h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxa10_b860h:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:zte:zxa10_b866v2-h_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxa10_b866v2-h:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:zte:zxa10_b866v5-w10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxa10_b866v5-w10:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:zte:zxa10_b960gv1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxa10_b960gv1:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:zte:zxa10_b710c-a12_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxa10_b710c-a12:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:zte:zxa10_b710s2-a19_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxa10_b710s2-a19:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:zte:zxa10_b836ct-a15_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxa10_b836ct-a15:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:zte:zxa10_s100v_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxa10_s100v:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:zte:zxa10_s200a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxa10_s200a:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:zte:zxa10_s200t_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxa10_s200t:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:zte:zxa10_b700v7_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxa10_b700v7:-:*:*:*:*:*:*:*

History

08 Aug 2023, 14:21

Type	Values Removed	Values Added
CWE	~~CWE-59~~	NVD-CWE-Other

26 Sep 2022, 19:01

Type	Values Removed	Values Added
CWE		CWE-59
References	~~(MISC) https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1026224 -~~	(MISC) https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1026224 - Vendor Advisory
First Time		Zte zxa10 B800v2 Firmware Zte zxa10 B710c-a12 Zte zxa10 B960gv1 Zte zxa10 S100v Zte zxa10 B836ct-a15 Zte zxa10 B700v7 Firmware Zte zxa10 B710c-a12 Firmware Zte zxa10 S200t Zte zxa10 B76hv3 Zte zxa10 S200t Firmware Zte zxa10 S100v Firmware Zte zxa10 B766v2 Zte zxa10 S200a Zte zxa10 B710s2-a19 Firmware Zte zxa10 B866v2-h Firmware Zte Zte zxa10 B766v2 Firmware Zte zxa10 B710s2-a19 Zte zxa10 B860av2.1 Zte zxa10 B866v5-w10 Zte zxa10 B860h Firmware Zte zxa10 B836ct-a15 Firmware Zte zxa10 B860av2.1 Firmware Zte zxa10 B76hv3 Firmware Zte zxa10 S200a Firmware Zte zxa10 B800v2 Zte zxa10 B860h Zte zxa10 B960gv1 Firmware Zte zxa10 B700v7 Zte zxa10 B866v5-w10 Firmware Zte zxa10 B866v2-h
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.1
CPE		cpe:2.3:h:zte:zxa10_b860h:-:::::::* cpe:2.3:h:zte:zxa10_b710s2-a19:-:::::::* cpe:2.3:o:zte:zxa10_s200a_firmware:::::::: cpe:2.3:h:zte:zxa10_b700v7:-:::::::* cpe:2.3:o:zte:zxa10_b960gv1_firmware:::::::: cpe:2.3:h:zte:zxa10_b766v2:-:::::::* cpe:2.3:h:zte:zxa10_b960gv1:-:::::::* cpe:2.3:h:zte:zxa10_b836ct-a15:-:::::::* cpe:2.3:h:zte:zxa10_s200t:-:::::::* cpe:2.3:h:zte:zxa10_b860av2.1:-:::::::* cpe:2.3:o:zte:zxa10_b76hv3_firmware:::::::: cpe:2.3:o:zte:zxa10_b860h_firmware:::::::: cpe:2.3:o:zte:zxa10_b866v2-h_firmware:::::::: cpe:2.3:o:zte:zxa10_b766v2_firmware:::::::: cpe:2.3:o:zte:zxa10_b866v5-w10_firmware:::::::: cpe:2.3:o:zte:zxa10_b800v2_firmware:::::::: cpe:2.3:o:zte:zxa10_b836ct-a15_firmware:::::::: cpe:2.3:h:zte:zxa10_s100v:-:::::::* cpe:2.3:h:zte:zxa10_s200a:-:::::::* cpe:2.3:o:zte:zxa10_b860av2.1_firmware:::::::: cpe:2.3:o:zte:zxa10_b700v7_firmware:::::::: cpe:2.3:o:zte:zxa10_b710c-a12_firmware:::::::: cpe:2.3:o:zte:zxa10_s200t_firmware:::::::: cpe:2.3:o:zte:zxa10_b710s2-a19_firmware:::::::: cpe:2.3:h:zte:zxa10_b710c-a12:-:::::::* cpe:2.3:h:zte:zxa10_b76hv3:-:::::::* cpe:2.3:h:zte:zxa10_b866v5-w10:-:::::::* cpe:2.3:h:zte:zxa10_b866v2-h:-:::::::* cpe:2.3:h:zte:zxa10_b800v2:-:::::::* cpe:2.3:o:zte:zxa10_s100v_firmware::::::::

23 Sep 2022, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-09-23 15:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-23144

Mitre link : CVE-2022-23144

CVE.ORG link : CVE-2022-23144

JSON object : View

Products Affected

zte

zxa10_b866v5-w10
zxa10_s200t
zxa10_s200a_firmware
zxa10_b836ct-a15_firmware
zxa10_b710c-a12_firmware
zxa10_b860av2.1
zxa10_b700v7_firmware
zxa10_b866v5-w10_firmware
zxa10_b766v2
zxa10_b860h_firmware
zxa10_s100v_firmware
zxa10_b960gv1
zxa10_b710s2-a19
zxa10_b960gv1_firmware
zxa10_b700v7
zxa10_b710s2-a19_firmware
zxa10_b860h
zxa10_b766v2_firmware
zxa10_s200a
zxa10_b836ct-a15
zxa10_b800v2_firmware
zxa10_b860av2.1_firmware
zxa10_b76hv3_firmware
zxa10_b76hv3
zxa10_s200t_firmware
zxa10_b800v2
zxa10_s100v
zxa10_b710c-a12
zxa10_b866v2-h
zxa10_b866v2-h_firmware

CWE

NVD-CWE-Other

9.1 /10