CVE-2022-23141

EPSS 0.3%
Published 15.07.2022 15:15:08
Last modified 21.11.2024 06:48:05
Source psirt@zte.com.cn
Teams watchlist Login
Open Login

ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Zte ≫ Zxmp M721 Firmware Versioncommond21bootv100004_ls1045

Zte ≫ Zxmp M721 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.3%	0.528

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-23141

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-23141

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-23141

EUVD