CVE-2022-23144

Published Sep 23, 2022
Last updated a year ago
CVSS critical 9.1
Overview

Description: There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.
Source: psirt@zte.com.cn
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 9.1
Impact score: 5.2
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Severity: CRITICAL
Weaknesses

nvd@nist.gov: NVD-CWE-Other
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zte:zxa10_b76hv3_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB8ADD9F-4B16-4440-AEEC-763365BB7285",
            "versionEndIncluding": "2.01.02.01"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zte:zxa10_b76hv3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B341B3D2-9D8E-4920-B766-8B62FCA39830"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zte:zxa10_b766v2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70719499-CFC5-4E37-BD1F-257B30274A43",
            "versionEndIncluding": "2.01.02.01"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zte:zxa10_b766v2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6EB77DA4-4579-4B07-B9D2-A7968A36C86E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zte:zxa10_b800v2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A11533C-0675-4C13-98A9-FF7E0205230D",
            "versionEndIncluding": "2.01.02.01"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zte:zxa10_b800v2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AC97D0BF-385E-465E-B123-3DAD8990424C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zte:zxa10_b860av2.1_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D79EC4AD-7E6D-46BB-96A5-70D087B29BEE",
            "versionEndIncluding": "2.01.02.01"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zte:zxa10_b860av2.1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BC22B664-CC69-49C7-9B19-BDA36BDEB5BF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zte:zxa10_b860h_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "146B2AFC-B4A8-48D3-B036-55D0130736F5",
            "versionEndIncluding": "2.01.02.01"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zte:zxa10_b860h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "05F076F3-C30E-4D98-8FC2-D6AE83068E51"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zte:zxa10_b866v2-h_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E743BF1-85E4-485E-97FE-AD882AE3701E",
            "versionEndIncluding": "2.01.02.01"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zte:zxa10_b866v2-h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6281D861-1C83-42B2-B715-700AC045A9D1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zte:zxa10_b866v5-w10_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40CFE7A9-37F3-496C-816B-B92DB455FDFC",
            "versionEndIncluding": "2.01.02.01"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zte:zxa10_b866v5-w10:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C49BCB3D-49EF-4C9A-BE5B-D5F754943071"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zte:zxa10_b960gv1_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC1F9FAF-408E-4923-BC28-8D559EF02E71",
            "versionEndIncluding": "2.01.02.01"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zte:zxa10_b960gv1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9A078214-97A8-4CA1-BCC2-2F27F9699A72"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zte:zxa10_b710c-a12_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "548B39A3-1ED0-4C9A-9E21-1AAF061B2F10",
            "versionEndIncluding": "2.01.02.01"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zte:zxa10_b710c-a12:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EB4A9406-40E1-4012-9C63-F27427A81B8F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zte:zxa10_b710s2-a19_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16BAE4B6-2D36-4A62-9295-A21C93952820",
            "versionEndIncluding": "2.01.02.01"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zte:zxa10_b710s2-a19:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9055C616-12CE-471C-A1F5-88324BD2000A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zte:zxa10_b836ct-a15_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62288204-DA37-49B3-A0F2-8D356A7175D4",
            "versionEndIncluding": "2.01.02.01"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zte:zxa10_b836ct-a15:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7093877F-010E-415F-8C47-514882DA96A4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zte:zxa10_s100v_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D3BD3DD-A4D7-444B-9989-5301F9C5BDCF",
            "versionEndIncluding": "2.01.02.01"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zte:zxa10_s100v:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A7C845AE-B97A-4104-A6CA-77720AA01C64"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zte:zxa10_s200a_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "984F6995-C9A7-49A3-8518-3D0BF5E6F41A",
            "versionEndIncluding": "2.01.02.01"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zte:zxa10_s200a:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AFBA0AB5-AF7A-427E-A303-37080D5E3E0B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zte:zxa10_s200t_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B85BB5E-9130-4C5A-86AB-A0B51B4B0155",
            "versionEndIncluding": "2.01.02.01"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zte:zxa10_s200t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3EBF8079-7519-4E88-9621-35009096FF49"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zte:zxa10_b700v7_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC12D0A2-ACEB-4874-A6CC-A0F741840BAC",
            "versionEndIncluding": "2.01.02.01"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zte:zxa10_b700v7:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "08919C9A-99E0-47CF-A51B-BFE842958469"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References
