Improper Change Control Vulnerability in ZTE ZXHN H168N Router
CVE-2018-7358

6.5MEDIUM

Key Information:

Vendor: Zte
Status: Zxhn H168n
Vendor: CVE Published:; 14 November 2018

What is CVE-2018-7358?

The ZTE ZXHN H168N router contains an improper change control vulnerability that could enable an unauthorized user to execute unauthorized operations. This flaw affects specific versions of the product, potentially compromising the device's security. As a result, it is critical for users of these devices to implement necessary security measures to mitigate risks associated with this vulnerability.

Affected Version(s)

ZXHN H168N V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T

References

http://www.securityfocus.com/bid/105963

vdb-entryx_refsource_BID

https://www.exploit-db.com/exploits/45972/

exploitx_refsource_EXPLOIT-DB

http://support.zte.com.cn/support/news/LoopholeInfoDetail...

x_refsource_CONFIRM

EPSS Score

38% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 14, 2018
Vulnerability Reserved
Feb 22, 2018

Zte

What is CVE-2018-7358?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline