CVE-2024-22068

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-22068
Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier.

6.0 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/5359853646778130472 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zte:zxr10_1800-2s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxr10_1800-2s:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:zte:zxr10_2800-4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxr10_2800-4:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:zte:zxr10_3800-8_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxr10_3800-8:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:zte:zxr10_160_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxr10_160:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2024-10-10 09:15

Updated : 2025-02-07 15:32

NVD link : CVE-2024-22068

Mitre link : CVE-2024-22068

CVE.ORG link : CVE-2024-22068

JSON object : View

Products Affected

zte

  • zxr10_1800-2s_firmware
  • zxr10_1800-2s
  • zxr10_2800-4
  • zxr10_3800-8_firmware
  • zxr10_160_firmware
  • zxr10_160
  • zxr10_2800-4_firmware
  • zxr10_3800-8
CWE
CWE-269

Improper Privilege Management

CWE-521

Weak Password Requirements