CVE-2022-39071

There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
zteCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.1 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
zteblade_l210_firmware
𝑥
< 1.14
zteblade_a7s_firmware
𝑥
< 2.2
zteblade_a71_firmware
𝑥
< 2.4
zteblade_a72_firmware
𝑥
< 11.0.3
zteblade_v20_smart_firmware
𝑥
< 1.14
zteblade_v30_firmware
𝑥
< 1.11
zteblade_v30_vita_firmware
𝑥
< 1.11
ztev40_pro_firmware
𝑥
< 11.0.4_9046
zteblade_v40_vita_firmware
𝑥
< 11.0.2_8045
zteaxon_40_ultra_firmware
𝑥
< 1.0.0b26
𝑥
= Vulnerable software versions
References
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664