CVE-2022-39075

There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could delete some system files without user permission.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
zteCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.1 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
zteblade_l210_firmware
𝑥
< 1.14
zteblade_a7s_firmware
𝑥
< 2.2
zteblade_a71_firmware
𝑥
< 2.4
zteblade_a72_firmware
𝑥
< 11.0.3
zteblade_v20_smart_firmware
𝑥
< 1.14
zteblade_v30_firmware
𝑥
< 1.11
zteblade_v30_vita_firmware
𝑥
< 1.11
ztev40_pro_firmware
𝑥
< 11.0.4_9046
zteblade_v40_vita_firmware
𝑥
< 11.0.2_8045
zteaxon_40_ultra_firmware
𝑥
< 1.0.0b26
𝑥
= Vulnerable software versions
References
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664