CVE-2022-23141

HIGH

7.5

Description

ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information.

CVE Details

CVSS v3.1 Score7.5

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published7/15/2022

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

zte:zxmp_m721zte:zxmp_m721_firmware

Weaknesses (CWE)

CWE-532

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264(psirt@zte.com.cn)

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1025264(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.