Overview
- Description
- ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files.
- Source
- psirt@zte.com.cn
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-863
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:zxmp_m721_firmware:5.10.030.006:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6CE8D862-D63C-4C95-B7CB-DBAD1690E435"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:zxmp_m721:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "AEC586E9-E8FA-4988-8CD0-334A1F73BC61"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]