CVE-2024-22067

Published Nov 18, 2024

Last updated 3 months ago

CVSS high 8.8

Overview

Description: ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands.
Source: psirt@zte.com.cn
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

CVE-2024-22067 ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exp… https://t.co/0mUMGvyPl7
@CVEnew
18 Nov 2024
549 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zte:nh8091_firmware:znh8091v1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "096C951D-515A-4932-B65C-E116BE621C2A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zte:nh8091:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EE274E9B-49C5-4B2C-A47F-95B4E44844F1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References