CVE-2024-22063

The ZENIC ONE R58 products by ZTE Corporation have a command injection vulnerability. An authenticated attacker can exploit this vulnerability to tamper with messages, inject malicious code, and subsequently launch attacks on related devices.

CVSS v3 7.6 HIGH

7.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.0 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4522216612187627521	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:zte:zenic_one_r58:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-12-30 10:15

Updated : 2025-01-28 17:05

NVD link : CVE-2024-22063

Mitre link : CVE-2024-22063

CVE.ORG link : CVE-2024-22063

JSON object : View

Products Affected

zte

zenic_one_r58

CWE

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

{"id": "CVE-2024-22063", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.0}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}]}, "published": "2024-12-30T10:15:05.867", "references": [{"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4522216612187627521", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-1236"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-1236"}]}], "descriptions": [{"lang": "en", "value": "The ZENIC ONE R58 products by ZTE Corporation have a command injection vulnerability. An authenticated attacker can exploit this vulnerability to tamper with messages, inject malicious code, and subsequently launch attacks on related devices."}, {"lang": "es", "value": "Los productos ZENIC ONE R58 de ZTE Corporation tienen una vulnerabilidad de inyecci\u00f3n de comandos. Un atacante autenticado puede aprovechar esta vulnerabilidad para manipular mensajes, inyectar c\u00f3digo malicioso y, posteriormente, lanzar ataques a los dispositivos relacionados."}], "lastModified": "2025-01-28T17:05:45.353", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zte:zenic_one_r58:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F4F12D1-1686-4488-80F9-590DCB68CF41", "versionEndExcluding": "16.24.40"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}