Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-7366

ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an authentication bypass vulnerability, which may allows an unauthorized user to perform unauthorized operations.

Published

2018-12-28T16:29:06.067

Last Modified

2024-11-21T04:12:04.870

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 4.3 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zte	zxv10_b860av2.1_chinamobile_firmware	< icnt_v1.3.3	Yes
Hardware	zte	zxv10_b860av2.1_chinamobile	-	No
Operating System	zte	zxv10_b860av2.1_chinamobile_firmware	< bestv_v1.2.2	Yes
Hardware	zte	zxv10_b860av2.1_chinamobile	-	No
Operating System	zte	zxv10_b860av2.1_chinamobile_firmware	< wasu_v1.1.7	Yes
Hardware	zte	zxv10_b860av2.1_chinamobile	-	No
Operating System	zte	zxv10_b860av2.1_chinamobile_firmware	< mgtv_v1.4.6	Yes
Hardware	zte	zxv10_b860av2.1_chinamobile	-	No

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010023 Vendor Advisory ([email protected])
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010023 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)