CRITICAL🇵🇱 Wersja polska

CVE-2022-39070

CVSS 9.8v3.1pub. 2022-11-22upd. 2025-04-29

There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Zte Zxa10 C300m

    HW
    Zte
    wszystkie wersje
  • Zte Zxa10 C300m Firmware

    OS
    Zte
    2.1.0 – 2.1.0xgp002.4 (bez)
  • Zte Zxa10 C350m

    HW
    Zte
    wszystkie wersje
  • Zte Zxa10 C350m Firmware

    OS
    Zte
    2.1.0 – 2.1.0xgp002.4 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-21728MEDIUM5.3ten sam produkt

A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker ...

CVE-2024-10119CRITICAL9.8PL ✓ten sam vendor

Command injection w routerze SECOM WRTM326 — zdalne wykonanie poleceń

CVE-2022-39073CRITICAL9.8ten sam vendor

There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input paramete...

CVE-2022-23144CRITICAL9.1ten sam vendor

There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, atta...

CVE-2021-21748CRITICAL9.8ten sam vendor

ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerab...