Improper Authorization Vulnerability in ZTE ZXHN F670 Product
CVE-2018-7363

4.3MEDIUM

Key Information:

Vendor: Zte
Status: Zxhn F670
Vendor: CVE Published:; 16 November 2018

What is CVE-2018-7363?

The ZTE ZXHN F670 product is susceptible to an improper authorization vulnerability, allowing attackers to exploit the appviahttp service. This vulnerability lacks an authorization delay, enabling a brute force approach to gaining unauthorized access to account credentials. Users of affected versions should implement security measures to mitigate potential risks.

Affected Version(s)

ZXHN F670 <= unspecified

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 16, 2018
Vulnerability Reserved
Feb 22, 2018

JSON

Zte

What is CVE-2018-7363?

Affected Version(s)

References

CVSS V3.1

Timeline