CVE-2022-23144

There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
zteCNA
---
---
CVEADP
---
---
CISA-ADPADP
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
VendorProductVersion
ztezxa10_b76hv3_firmware
𝑥
≤ 2.01.02.01
ztezxa10_b766v2_firmware
𝑥
≤ 2.01.02.01
ztezxa10_b800v2_firmware
𝑥
≤ 2.01.02.01
ztezxa10_b860av2.1_firmware
𝑥
≤ 2.01.02.01
ztezxa10_b860h_firmware
𝑥
≤ 2.01.02.01
ztezxa10_b866v2-h_firmware
𝑥
≤ 2.01.02.01
ztezxa10_b866v5-w10_firmware
𝑥
≤ 2.01.02.01
ztezxa10_b960gv1_firmware
𝑥
≤ 2.01.02.01
ztezxa10_b710c-a12_firmware
𝑥
≤ 2.01.02.01
ztezxa10_b710s2-a19_firmware
𝑥
≤ 2.01.02.01
ztezxa10_b836ct-a15_firmware
𝑥
≤ 2.01.02.01
ztezxa10_s100v_firmware
𝑥
≤ 2.01.02.01
ztezxa10_s200a_firmware
𝑥
≤ 2.01.02.01
ztezxa10_s200t_firmware
𝑥
≤ 2.01.02.01
ztezxa10_b700v7_firmware
𝑥
≤ 2.01.02.01
𝑥
= Vulnerable software versions
References
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1026224
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1026224