Information Disclosure Vulnerability in ZXR10 1800-2S by ZTE
CVE-2017-10931

7.5HIGH

Key Information:

Vendor: Zte
Status: Zx10 1800-2s
Vendor: CVE Published:; 19 September 2017

What is CVE-2017-10931?

The ZXR10 1800-2S before version 3.00.40 contains a security flaw that improperly limits the downloadable file directory range for WEB users. This vulnerability allows unauthorized users to access sensitive files, leading to potential exposure of critical system configurations and other confidential data.

Affected Version(s)

ZX10 1800-2S All versions prior to V3.00.40

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 19, 2017
Vulnerability Reserved
Jul 5, 2017

Zte

What is CVE-2017-10931?

Affected Version(s)

References

CVSS V3.1

Timeline