Input Validation Flaw in ZXUPN-9000E from ZTE
CVE-2019-3426

8.8HIGH

Key Information:

Vendor: Zte Corporation
Status: Zxupn-9000e
Vendor: CVE Published:; 8 November 2019

🔔 Create Zte Corporation Vulnerability Alert

What is CVE-2019-3426?

The ZXUPN-9000E, specifically version 9000EV5.0R1B12 and all prior versions, is susceptible to an input validation issue that can allow attackers to perform unauthorized actions. Proper measures should be taken to mitigate the risks associated with this vulnerability to safeguard sensitive operational environments. For further details, refer to the ZTE support documentation.

Affected Version(s)

ZXUPN-9000E All versions up to 9000EV5.0R1B12

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 8, 2019
Vulnerability Reserved
Dec 31, 2018