CVE-2024-22068 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6 MEDIUM	NETWORK	HIGH	HIGH	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:H
zte	CNA	6 MEDIUM	NETWORK	HIGH	HIGH	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 15%

Affected Products (NVD)

Vendor	Product	Version
zte	zxr10_1800-2s_firmware	𝑥 < 6.00.10
zte	zxr10_2800-4_firmware	𝑥 < 6.00.10
zte	zxr10_3800-8_firmware	𝑥 < 6.00.10
zte	zxr10_160_firmware	𝑥 < 6.00.10

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-269 - Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CWE-521 - Weak Password Requirements
The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

References

https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/5359853646778130472