CVE-2023-25646

EUVD-2023-29585
There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking,attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific operations.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
PHYSICAL
HIGH
NONE
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
ztezxhn_h388x_firmware
10.1_agzhm_1.3.1:_agzhm_1.3
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
ztezxhn_h388x_firmware
h388x_v10.1_agzhm_1.3.1 ≤
𝑥
< h388x_v10.1_agzhm_1.4.0
ADP
Common Weakness Enumeration
References
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035844
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035844