CVE-2023-25646

EPSS 0.1%
Veröffentlicht 20.06.2024 07:15:41
Zuletzt bearbeitet 28.01.2025 16:29:58
Quelle psirt@zte.com.cn
CVE-Watchlists
Login
Unerledigt
Login

There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking,attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific operations.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zte ≫ Zxhn H388x Firmware Version10.1_agzhm_1.3.1

Zte ≫ Zxhn H388x Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.276

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.4	0.5	5.9	CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
psirt@zte.com.cn	7.1	0.5	6	CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-281 Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035844

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-25646

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-25646

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-25646

EUVD