HIGH🇵🇱 Wersja polska

CVE-2024-22064

CVSS 8.3v3.1pub. 2024-05-14upd. 2025-01-28

ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under by default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection(IKE) with the mobile devices connecting over the internet . If the set of keys are leaked or cracked, the user session informations using the keys may be leaked.

CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
  • Zte Zxun Epdg

    APP
    Zte
    < 5.20.20
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-10119CRITICAL9.8PL ✓ten sam vendor

Command injection w routerze SECOM WRTM326 — zdalne wykonanie poleceń

CVE-2022-39073CRITICAL9.8ten sam vendor

There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input paramete...

CVE-2022-39070CRITICAL9.8ten sam vendor

There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings...

CVE-2022-23144CRITICAL9.1ten sam vendor

There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, atta...

CVE-2021-21748CRITICAL9.8ten sam vendor

ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit the vulnerab...