Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-22066

There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device.

Published

2024-10-29T09:15:06.800

Last Modified

2024-11-08T14:31:32.933

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-294
Type: Primary
CWE-294

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zte	zxr10_1800-2s_firmware	≤ 3.00.40	Yes
Hardware	zte	zxr10_1800-2s	-	No
Operating System	zte	zxr10_2800-4_firmware	≤ 3.00.40	Yes
Hardware	zte	zxr10_2800-4	-	No
Operating System	zte	zxr10_3800-8_firmware	≤ 3.00.40	Yes
Hardware	zte	zxr10_3800-8	-	No
Operating System	zte	zxr10_160_firmware	≤ 3.00.40	Yes
Hardware	zte	zxr10_160	-	No

References

https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1171513586716225590 Vendor Advisory ([email protected])