{"api_version":"1","generated_at":"2026-04-26T17:14:21+00:00","cve":"CVE-2018-7363","urls":{"html":"https://cve.report/CVE-2018-7363","api":"https://cve.report/api/cve/CVE-2018-7363.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-7363","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-7363"},"summary":{"title":"CVE-2018-7363","description":"All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials.","state":"PUBLIC","assigner":"psirt@zte.com.cn","published_at":"2018-11-16 15:29:00","updated_at":"2019-10-09 23:42:00"},"problem_types":["CWE-863"],"metrics":[],"references":[{"url":"http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009383","name":"http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009383","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Security Bulletin Details","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-7363","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7363","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"7363","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"zte","cpe5":"zxhn_f670","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"7363","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"zte","cpe5":"zxhn_f670","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"7363","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"zte","cpe5":"zxhn_f670_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"7363","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"zte","cpe5":"zxhn_f670_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@zte.com.cn","ID":"CVE-2018-7363","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"ZXHN F670","version":{"version_data":[{"affected":"<=","version_value":"V1.1.10P3T18"}]}}]},"vendor_name":"ZTE"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials."}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.0"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Improper Authorization"}]}]},"references":{"reference_data":[{"name":"http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009383","refsource":"CONFIRM","url":"http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009383"}]},"source":{"discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2018-11-16 15:29:00","lastModifiedDate":"2019-10-09 23:42:00","problem_types":["CWE-863"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:P/I:N/A:N","accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.3},"severity":"LOW","exploitabilityScore":6.5,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:zte:zxhn_f670_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.1.10p3t18","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:zte:zxhn_f670:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"7363","Ordinal":"123636","Title":"CVE-2018-7363","CVE":"CVE-2018-7363","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"7363","Ordinal":"1","NoteData":"All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"7363","Ordinal":"2","NoteData":"2018-11-16","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"7363","Ordinal":"3","NoteData":"2018-11-16","Type":"Other","Title":"Modified"}]}}}