CVE-2019-3426

EPSS 0.44%
Veröffentlicht 08.11.2019 19:15:10
Zuletzt bearbeitet 21.11.2024 04:42:04
Quelle psirt@zte.com.cn
CVE-Watchlists
Login
Unerledigt
Login

The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operations.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zte ≫ Zxupn-9000e Firmware Version < 9000ev5.0r1b12

Zte ≫ Zxupn-9000e Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.44%	0.603

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1011683

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-3426

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-3426

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-3426

EUVD