ID

VAR-202211-1634


CVE

CVE-2022-39070


TITLE

ZTE ZXA10 C3XX Access Control Error Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-86323

DESCRIPTION

There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation. ZTE ZXA10 C3XX is a series of optical access and convergence equipment with EPON/GPON functions produced by China ZTE Corporation (ZTE).

Trust: 1.53

sources: NVD: CVE-2022-39070 // CNVD: CNVD-2022-86323 // VULMON: CVE-2022-39070

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-86323

AFFECTED PRODUCTS

vendor: zte | model: zxa10 c300m | scope: gte | version: 2.1.0

Trust: 1.0

vendor: zte | model: zxa10 c350m | scope: gte | version: 2.1.0

Trust: 1.0

vendor: zte | model: zxa10 c300m | scope: lt | version: 2.1.0xgp002.4

Trust: 1.0

vendor: zte | model: zxa10 c350m | scope: lt | version: 2.1.0xgp002.4

Trust: 1.0

vendor: zte | model: zxa10 c3xx >=2.1.0,<2.1.0xgp002.4 | scope: - | version: -

Trust: 0.6

sources: CNVD: CNVD-2022-86323 // NVD: CVE-2022-39070

CVSS

SEVERITY

nvd@nist.gov: CVE-2022-39070
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2022-86323
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202211-3312
value: CRITICAL

Trust: 0.6

CVSSV2

CNVD: CNVD-2022-86323
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2022-39070
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2022-86323 // CNNVD: CNNVD-202211-3312 // NVD: CVE-2022-39070

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2022-39070

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-3312

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-3312

PATCH

title: Patch for ZTE ZXA10 C3XX Access Control Error Vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/365671

Trust: 0.6

title: ZTE ZXA10 C3XX Security vulnerabilities | url: http://123.124.177.30/web/xxk/bdxqById.tag?id=215582

Trust: 0.6

sources: CNVD: CNVD-2022-86323 // CNNVD: CNNVD-202211-3312

EXTERNAL IDS

db: NVD | id: CVE-2022-39070

Trust: 2.3

db: ZTE | id: 1027824

Trust: 2.3

db: CNVD | id: CNVD-2022-86323

Trust: 0.6

db: CNNVD | id: CNNVD-202211-3312

Trust: 0.6

db: VULMON | id: CVE-2022-39070

Trust: 0.1

sources: CNVD: CNVD-2022-86323 // VULMON: CVE-2022-39070 // CNNVD: CNNVD-202211-3312 // NVD: CVE-2022-39070

REFERENCES

url: https://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1027824

Trust: 2.3

url: https://cxsecurity.com/cveshow/cve-2022-39070/

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-86323 // VULMON: CVE-2022-39070 // CNNVD: CNNVD-202211-3312 // NVD: CVE-2022-39070

SOURCES

db: CNVD | id: CNVD-2022-86323
db: VULMON | id: CVE-2022-39070
db: CNNVD | id: CNNVD-202211-3312
db: NVD | id: CVE-2022-39070

LAST UPDATE DATE

2024-08-14T14:30:51.353000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2022-86323 | date: 2022-12-09T00:00:00
db: VULMON | id: CVE-2022-39070 | date: 2022-11-22T00:00:00
db: CNNVD | id: CNNVD-202211-3312 | date: 2022-11-29T00:00:00
db: NVD | id: CVE-2022-39070 | date: 2022-11-28T19:29:32.380

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2022-86323 | date: 2022-12-07T00:00:00
db: VULMON | id: CVE-2022-39070 | date: 2022-11-22T00:00:00
db: CNNVD | id: CNNVD-202211-3312 | date: 2022-11-22T00:00:00
db: NVD | id: CVE-2022-39070 | date: 2022-11-22T17:15:10.510