CVE-2024-22068

Published Oct 10, 2024

Last updated 19 days ago

CVSS medium 6.0

Overview

Description: Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier.
Source: psirt@zte.com.cn
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

psirt@zte.com.cn: CWE-269
nvd@nist.gov: CWE-521

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zte:zxr10_1800-2s_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53D31468-8382-4CF6-BAD7-C4E7C16B4E30",
            "versionEndExcluding": "6.00.10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zte:zxr10_1800-2s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CA2AC22D-CC1C-4F6E-AFA1-EEC6C2A294DC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zte:zxr10_2800-4_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6672D0C2-3697-4A17-AE68-B23B937A1846",
            "versionEndExcluding": "6.00.10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zte:zxr10_2800-4:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C5A4FC3A-3137-4B81-85D4-48AC72CF1019"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zte:zxr10_3800-8_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5CFF33A-3556-4898-AD0B-EA5022B717A6",
            "versionEndExcluding": "6.00.10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zte:zxr10_3800-8:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6346FA61-050D-4E0A-906C-D2E62D9AA3A1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zte:zxr10_160_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74C666FC-30F5-415B-8F81-A7A7909D5C8C",
            "versionEndExcluding": "6.00.10"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zte:zxr10_160:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6389B69E-A7E2-4BF3-A628-4F5C0ED6EF86"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References