Access Control Vulnerability in ZTE PON OLT Products
CVE-2022-39070

9.8CRITICAL

Key Information:

Vendor: Zte
Status: Zxa10 C3xx
Vendor: CVE Published:; 22 November 2022

What is CVE-2022-39070?

An access control vulnerability exists in certain ZTE PON OLT products, resulting from improper access control configurations. This flaw enables remote attackers to gain unauthorized access to the device, allowing them to perform a range of operations without verification. Proper measures should be taken to secure these products and prevent potential exploitation.

Affected Version(s)

ZXA10 C3XX All versions up to V2.1.0 XGP002.3

References

https://support.zte.com.cn/support/news/LoopholeInfoDetai...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2022
Vulnerability Reserved
Aug 31, 2022

Zte

What is CVE-2022-39070?

Affected Version(s)

References

CVSS V3.1

Timeline