There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device.
References
Link | Resource |
---|---|
https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1171513586716225590 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
08 Nov 2024, 14:31
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:zte:zxr10_3800-8:-:*:*:*:*:*:*:* cpe:2.3:o:zte:zxr10_160_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zte:zxr10_1800-2s_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:zte:zxr10_2800-4_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zte:zxr10_2800-4:-:*:*:*:*:*:*:* cpe:2.3:h:zte:zxr10_160:-:*:*:*:*:*:*:* cpe:2.3:o:zte:zxr10_3800-8_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:zte:zxr10_1800-2s:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
First Time |
Zte zxr10 160
Zte zxr10 2800-4 Firmware Zte zxr10 3800-8 Firmware Zte zxr10 160 Firmware Zte Zte zxr10 1800-2s Firmware Zte zxr10 2800-4 Zte zxr10 3800-8 Zte zxr10 1800-2s |
|
References | () https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1171513586716225590 - Vendor Advisory |
29 Oct 2024, 14:34
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
29 Oct 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-29 09:15
Updated : 2024-11-08 14:31
NVD link : CVE-2024-22066
Mitre link : CVE-2024-22066
CVE.ORG link : CVE-2024-22066
JSON object : View
Products Affected
zte
- zxr10_3800-8
- zxr10_3800-8_firmware
- zxr10_2800-4
- zxr10_1800-2s
- zxr10_160
- zxr10_2800-4_firmware
- zxr10_1800-2s_firmware
- zxr10_160_firmware
CWE
CWE-294
Authentication Bypass by Capture-replay