CVE-2022-39070

EPSS 0.75%
Veröffentlicht 22.11.2022 17:15:10
Zuletzt bearbeitet 29.04.2025 05:15:43
Quelle psirt@zte.com.cn
CVE-Watchlists
Login
Unerledigt
Login

There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zte ≫ Zxa10 C350m Firmware Version >= 2.1.0 < 2.1.0xgp002.4

Zte ≫ Zxa10 C350m Version-

Zte ≫ Zxa10 C300m Firmware Version >= 2.1.0 < 2.1.0xgp002.4

Zte ≫ Zxa10 C300m Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.75%	0.724

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1027824

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-39070

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-39070

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-39070

EUVD