CVE-2022-39071

EUVD-2022-41617
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
CISA-ADPADP
7.1 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
zteblade_l210_firmware
𝑥
< 1.14
zteblade_a7s_firmware
𝑥
< 2.2
zteblade_a71_firmware
𝑥
< 2.4
zteblade_a72_firmware
𝑥
< 11.0.3
zteblade_v20_smart_firmware
𝑥
< 1.14
zteblade_v30_firmware
𝑥
< 1.11
zteblade_v30_vita_firmware
𝑥
< 1.11
ztev40_pro_firmware
𝑥
< 11.0.4_9046
zteblade_v40_vita_firmware
𝑥
< 11.0.2_8045
zteaxon_40_ultra_firmware
𝑥
< 1.0.0b26
𝑥
= Vulnerable software versions
References
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664