Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-22069

There is a permission and access control vulnerability of ZTE's ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator illegally by intercepting requests to change the passwords.

Published

2024-08-08T08:15:05.123

Last Modified

2024-08-20T17:22:39.500

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.1 (HIGH)

Weaknesses

Type: Secondary
CWE-269
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zte	zxv10_et301_firmware	< v3.22.11p3	Yes
Hardware	zte	zxv10_et301	*	No
Operating System	zte	zxv10_xt802_firmware	< v2.24.10p1	Yes
Hardware	zte	zxv10_xt802	*	No

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1036424 Vendor Advisory ([email protected])