CVE-2022-23144

EUVD-2022-28235
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CISA-ADPADP
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
ztezxa10_b76hv3_firmware
𝑥
≤ 2.01.02.01
ztezxa10_b766v2_firmware
𝑥
≤ 2.01.02.01
ztezxa10_b800v2_firmware
𝑥
≤ 2.01.02.01
ztezxa10_b860av2.1_firmware
𝑥
≤ 2.01.02.01
ztezxa10_b860h_firmware
𝑥
≤ 2.01.02.01
ztezxa10_b866v2-h_firmware
𝑥
≤ 2.01.02.01
ztezxa10_b866v5-w10_firmware
𝑥
≤ 2.01.02.01
ztezxa10_b960gv1_firmware
𝑥
≤ 2.01.02.01
ztezxa10_b710c-a12_firmware
𝑥
≤ 2.01.02.01
ztezxa10_b710s2-a19_firmware
𝑥
≤ 2.01.02.01
ztezxa10_b836ct-a15_firmware
𝑥
≤ 2.01.02.01
ztezxa10_s100v_firmware
𝑥
≤ 2.01.02.01
ztezxa10_s200a_firmware
𝑥
≤ 2.01.02.01
ztezxa10_s200t_firmware
𝑥
≤ 2.01.02.01
ztezxa10_b700v7_firmware
𝑥
≤ 2.01.02.01
𝑥
= Vulnerable software versions
References
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1026224
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1026224