Lucene search

[email protected]CVE-2022-23141

HistoryJul 15, 2022 - 3:15 p.m.

CVE-2022-23141

2022-07-1515:15:00

CWE-532

[email protected]

web.nvd.nist.gov

cve-2022-23141

zxmp m721

information leak

vulnerability

zboot interface

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

51.1%

JSON

ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information.

CPENameOperatorVersion
zte:zxmp_m721_firmwarezte zxmp m721 firmwareeqcommond21bootv100004_ls1045

CPE	Name	Operator	Version
zte:zxmp_m721_firmware	zte zxmp m721 firmware	eq	commond21bootv100004_ls1045

References

support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

51.1%

JSON

Related for CVE-2022-23141

prion1 cnvd1 cvelist1