Overview
- Description
- All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address.
- Source
- psirt@zte.com.cn
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-22
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:zxdt22_sf01_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BF0B856D-169F-4622-9271-BB738AE84961",
"versionEndIncluding": "v2.06.00.00"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:zxdt22_sf01:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7AF580C7-ADB1-4E89-8012-BB7652669EEC"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]