CVE-2022-39074

EUVD-2022-41620
There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CISA-ADPADP
3.3 LOW
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
zteblade_l210_firmware
𝑥
< 1.14
zteblade_a7s_firmware
𝑥
< 2.2
zteblade_a71_firmware
𝑥
< 2.4
zteblade_a72_firmware
𝑥
< 11.0.3
zteblade_v20_smart_firmware
𝑥
< 1.14
zteblade_v30_firmware
𝑥
< 1.11
zteblade_v30_vita_firmware
𝑥
< 1.11
ztev40_pro_firmware
𝑥
< 11.0.4_9046
zteblade_v40_vita_firmware
𝑥
< 11.0.2_8045
zteaxon_40_ultra_firmware
𝑥
< 1.0.0b26
𝑥
= Vulnerable software versions
References
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664