ZTE ZXV10 XT802/ET301 Permission and Access Control Vulnerability
CVE-2024-22069
8.8 HIGH
Key Information:
- Vendor: ZTE
- Products: ZXV10 XT802, ZXV10 ET301
- CVE Published: 8 August 2024
Summary
A permission and access control vulnerability exists in ZTE's ZXV10 XT802 and ET301 products. This vulnerability allows an attacker with common user permissions to log into the terminal web interface and modify the administrator's password. By intercepting requests intended for password change operations, an unauthorized individual could escalate their access privileges, potentially leading to unauthorized control over network devices. Organizations using these products should assess their security measures and apply necessary updates to mitigate this risk.
Affected Version(s)
ZXV10 ET301 Linux All versions up to V3.22.11P3
ZXV10 XT802 Linux All versions up to V2.24.10P1
CVSS V3.1
- Score: 8.8
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD Database, Mitre Database