9.1
CVE-2022-23144
- EPSS 0.39%
- Published 23.09.2022 15:15:12
- Last modified 22.05.2025 19:15:29
- Source psirt@zte.com.cn
- Teams watchlist Login
- Open Login
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.
Data is provided by the National Vulnerability Database (NVD)
Zte ≫ Zxa10 B76hv3 Firmware Version <= 2.01.02.01
Zte ≫ Zxa10 B766v2 Firmware Version <= 2.01.02.01
Zte ≫ Zxa10 B800v2 Firmware Version <= 2.01.02.01
Zte ≫ Zxa10 B860av2.1 Firmware Version <= 2.01.02.01
Zte ≫ Zxa10 B860h Firmware Version <= 2.01.02.01
Zte ≫ Zxa10 B866v2-h Firmware Version <= 2.01.02.01
Zte ≫ Zxa10 B866v5-w10 Firmware Version <= 2.01.02.01
Zte ≫ Zxa10 B960gv1 Firmware Version <= 2.01.02.01
Zte ≫ Zxa10 B710c-a12 Firmware Version <= 2.01.02.01
Zte ≫ Zxa10 B710s2-a19 Firmware Version <= 2.01.02.01
Zte ≫ Zxa10 B836ct-a15 Firmware Version <= 2.01.02.01
Zte ≫ Zxa10 S100v Firmware Version <= 2.01.02.01
Zte ≫ Zxa10 S200a Firmware Version <= 2.01.02.01
Zte ≫ Zxa10 S200t Firmware Version <= 2.01.02.01
Zte ≫ Zxa10 B700v7 Firmware Version <= 2.01.02.01
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.593 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
|