Access Control and Permission Vulnerability in ZTE ZXUPN-9000E
CVE-2019-3425

8.8HIGH

Key Information:

Vendor: Zte Corporation
Status: Zxupn-9000e
Vendor: CVE Published:; 8 November 2019

🔔 Create Zte Corporation Vulnerability Alert

What is CVE-2019-3425?

The ZXUPN-9000E from ZTE is susceptible to an access control vulnerability that allows attackers to exploit inadequate permission settings. This flaw permits unauthorized individuals to reset or alter passwords of other user accounts, potentially compromising sensitive information and user security. It is critical for users to remain vigilant and apply recommended security updates to mitigate risks associated with this vulnerability.

Affected Version(s)

ZXUPN-9000E All versions up to 9000EV5.0R1B12

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 8, 2019
Vulnerability Reserved
Dec 31, 2018