Command Injection Vulnerability in ZTE ZX297520V3 Products
CVE-2019-3421

8HIGH

Key Information:

Vendor: Zte Corporation
Status: Zx297520v3
Vendor: CVE Published:; 31 October 2019

🔔 Create Zte Corporation Vulnerability Alert

What is CVE-2019-3421?

The ZTE ZX297520V3 product series, including the 7520V3V1.0.0B09P27 version, is susceptible to a command injection vulnerability. This flaw allows unauthorized users to execute arbitrary commands on the user terminal system, potentially leading to unauthorized access and control over critical system functions. Users are encouraged to update their systems to mitigate the risks associated with this vulnerability.

Affected Version(s)

ZX297520V3 All versions up to 7520V3V1.0.0B09P27

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 31, 2019
Vulnerability Reserved
Dec 31, 2018