CVE-2022-23144

Published on: Not Yet Published

Last Modified on: 09/26/2022 07:01:00 PM UTC

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Certain versions of Zxa10 B700v7 from Zte contain the following vulnerability:

There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.

  • CVE-2022-23144 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as CRITICAL severity.

CVSS3 Score: 9.1 - CRITICAL

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW NONE NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED NONE HIGH HIGH

CVE References

Description Tags Link
Security Bulletin Details support.zte.com.cn
text/html
URL Logo MISC support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1026224

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Hardware Device InfoZteZxa10 B700v7-AllAllAll
Operating
System
ZteZxa10 B700v7 FirmwareAllAllAllAll
Hardware Device InfoZteZxa10 B710c-a12-AllAllAll
Operating
System
ZteZxa10 B710c-a12 FirmwareAllAllAllAll
Hardware Device InfoZteZxa10 B710s2-a19-AllAllAll
Operating
System
ZteZxa10 B710s2-a19 FirmwareAllAllAllAll
Hardware Device InfoZteZxa10 B766v2-AllAllAll
Operating
System
ZteZxa10 B766v2 FirmwareAllAllAllAll
Hardware Device InfoZteZxa10 B76hv3-AllAllAll
Operating
System
ZteZxa10 B76hv3 FirmwareAllAllAllAll
Hardware Device InfoZteZxa10 B800v2-AllAllAll
Operating
System
ZteZxa10 B800v2 FirmwareAllAllAllAll
Hardware Device InfoZteZxa10 B836ct-a15-AllAllAll
Operating
System
ZteZxa10 B836ct-a15 FirmwareAllAllAllAll
Hardware Device InfoZteZxa10 B860av2.1-AllAllAll
Operating
System
ZteZxa10 B860av2.1 FirmwareAllAllAllAll
Hardware Device InfoZteZxa10 B860h-AllAllAll
Operating
System
ZteZxa10 B860h FirmwareAllAllAllAll
Hardware Device InfoZteZxa10 B866v2-h-AllAllAll
Operating
System
ZteZxa10 B866v2-h FirmwareAllAllAllAll
Hardware Device InfoZteZxa10 B866v5-w10-AllAllAll
Operating
System
ZteZxa10 B866v5-w10 FirmwareAllAllAllAll
Hardware Device InfoZteZxa10 B960gv1-AllAllAll
Operating
System
ZteZxa10 B960gv1 FirmwareAllAllAllAll
Hardware Device InfoZteZxa10 S100v-AllAllAll
Operating
System
ZteZxa10 S100v FirmwareAllAllAllAll
Hardware Device InfoZteZxa10 S200a-AllAllAll
Operating
System
ZteZxa10 S200a FirmwareAllAllAllAll
Hardware Device InfoZteZxa10 S200t-AllAllAll
Operating
System
ZteZxa10 S200t FirmwareAllAllAllAll
  • cpe:2.3:h:zte:zxa10_b700v7:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zte:zxa10_b700v7_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zte:zxa10_b710c-a12:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zte:zxa10_b710c-a12_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zte:zxa10_b710s2-a19:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zte:zxa10_b710s2-a19_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zte:zxa10_b766v2:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zte:zxa10_b766v2_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zte:zxa10_b76hv3:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zte:zxa10_b76hv3_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zte:zxa10_b800v2:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zte:zxa10_b800v2_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zte:zxa10_b836ct-a15:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zte:zxa10_b836ct-a15_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zte:zxa10_b860av2.1:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zte:zxa10_b860av2.1_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zte:zxa10_b860h:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zte:zxa10_b860h_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zte:zxa10_b866v2-h:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zte:zxa10_b866v2-h_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zte:zxa10_b866v5-w10:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zte:zxa10_b866v5-w10_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zte:zxa10_b960gv1:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zte:zxa10_b960gv1_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zte:zxa10_s100v:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zte:zxa10_s100v_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zte:zxa10_s200a:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zte:zxa10_s200a_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:zte:zxa10_s200t:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:zte:zxa10_s200t_firmware:*:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @CVEreport CVE-2022-23144 : There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission c… twitter.com/i/web/status/1… 2022-09-23 15:05:39
Twitter Icon @JohnJasonFallow New vulnerability on the NVD: CVE-2022-23144 ift.tt/rJBk4XH 2022-09-23 16:16:40
Twitter Icon @doogsineerg New vulnerability on the NVD: CVE-2022-23144 ift.tt/ruJ6IQk 2022-09-23 16:33:31
Twitter Icon @workentin New vulnerability on the NVD: CVE-2022-23144 ift.tt/RbGc3xl 2022-09-23 16:40:08
Twitter Icon @xanadulinux CVE-2022-23144 ift.tt/Ah8cjdx 2022-09-23 16:52:36
© CVE.report 2022 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report