{"id": "CVE-2022-23144", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2022-09-23T15:15:12.687", "references": [{"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1026224", "tags": ["Vendor Advisory"], "source": "psirt@zte.com.cn"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system."}, {"lang": "es", "value": "Existe una vulnerabilidad de control de acceso rota en el producto ZTE ZXvSTB. Debido a un control de permisos inadecuado, los atacantes podr\u00edan utilizar esta vulnerabilidad para eliminar el tipo de aplicaci\u00f3n por defecto, lo que afecta al uso normal del sistema"}], "lastModified": "2023-08-08T14:21:49.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_b76hv3_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB8ADD9F-4B16-4440-AEEC-763365BB7285", "versionEndIncluding": "2.01.02.01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_b76hv3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B341B3D2-9D8E-4920-B766-8B62FCA39830"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_b766v2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70719499-CFC5-4E37-BD1F-257B30274A43", "versionEndIncluding": "2.01.02.01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_b766v2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6EB77DA4-4579-4B07-B9D2-A7968A36C86E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_b800v2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A11533C-0675-4C13-98A9-FF7E0205230D", "versionEndIncluding": "2.01.02.01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_b800v2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AC97D0BF-385E-465E-B123-3DAD8990424C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_b860av2.1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D79EC4AD-7E6D-46BB-96A5-70D087B29BEE", "versionEndIncluding": "2.01.02.01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_b860av2.1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BC22B664-CC69-49C7-9B19-BDA36BDEB5BF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_b860h_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "146B2AFC-B4A8-48D3-B036-55D0130736F5", "versionEndIncluding": "2.01.02.01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_b860h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "05F076F3-C30E-4D98-8FC2-D6AE83068E51"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_b866v2-h_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E743BF1-85E4-485E-97FE-AD882AE3701E", "versionEndIncluding": "2.01.02.01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_b866v2-h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6281D861-1C83-42B2-B715-700AC045A9D1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_b866v5-w10_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40CFE7A9-37F3-496C-816B-B92DB455FDFC", "versionEndIncluding": "2.01.02.01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_b866v5-w10:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C49BCB3D-49EF-4C9A-BE5B-D5F754943071"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_b960gv1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC1F9FAF-408E-4923-BC28-8D559EF02E71", "versionEndIncluding": "2.01.02.01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_b960gv1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9A078214-97A8-4CA1-BCC2-2F27F9699A72"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_b710c-a12_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "548B39A3-1ED0-4C9A-9E21-1AAF061B2F10", "versionEndIncluding": "2.01.02.01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_b710c-a12:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EB4A9406-40E1-4012-9C63-F27427A81B8F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_b710s2-a19_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16BAE4B6-2D36-4A62-9295-A21C93952820", "versionEndIncluding": "2.01.02.01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_b710s2-a19:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9055C616-12CE-471C-A1F5-88324BD2000A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_b836ct-a15_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62288204-DA37-49B3-A0F2-8D356A7175D4", "versionEndIncluding": "2.01.02.01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_b836ct-a15:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7093877F-010E-415F-8C47-514882DA96A4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_s100v_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D3BD3DD-A4D7-444B-9989-5301F9C5BDCF", "versionEndIncluding": "2.01.02.01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_s100v:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A7C845AE-B97A-4104-A6CA-77720AA01C64"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_s200a_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "984F6995-C9A7-49A3-8518-3D0BF5E6F41A", "versionEndIncluding": "2.01.02.01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_s200a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AFBA0AB5-AF7A-427E-A303-37080D5E3E0B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_s200t_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B85BB5E-9130-4C5A-86AB-A0B51B4B0155", "versionEndIncluding": "2.01.02.01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_s200t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3EBF8079-7519-4E88-9621-35009096FF49"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxa10_b700v7_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC12D0A2-ACEB-4874-A6CC-A0F741840BAC", "versionEndIncluding": "2.01.02.01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxa10_b700v7:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "08919C9A-99E0-47CF-A51B-BFE842958469"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@zte.com.cn"}
