There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HZte Zxa10 C300m
HWZtewszystkie wersjeZte Zxa10 C300m Firmware
OSZte2.1.0 – 2.1.0xgp002.4 (bez)Zte Zxa10 C350m
HWZtewszystkie wersjeZte Zxa10 C350m Firmware
OSZte2.1.0 – 2.1.0xgp002.4 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2021-21728MEDIUM5.3ten sam produkt
A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an attacker ...
CVE-2024-10119CRITICAL9.8PL ✓ten sam vendor
Command injection w routerze SECOM WRTM326 — zdalne wykonanie poleceń
CVE-2022-39073CRITICAL9.8ten sam vendor
There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input paramete...
CVE-2022-23144CRITICAL9.1ten sam vendor
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, atta...
CVE-2021-21748CRITICAL9.8ten sam vendor
ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerab...