Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-39070

There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation.

Published

2022-11-22T17:15:10.510

Last Modified

2025-04-29T05:15:43.050

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
NVD-CWE-Other
Type: Secondary
CWE-284

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zte	zxa10_c350m_firmware	< 2.1.0xgp002.4	Yes
Hardware	zte	zxa10_c350m	-	No
Operating System	zte	zxa10_c300m_firmware	< 2.1.0xgp002.4	Yes
Hardware	zte	zxa10_c300m	-	No

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1027824 Vendor Advisory ([email protected])
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1027824 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)