CVE-2024-22068
10.10.2024, 09:15
Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier.Enginsight
Vendor | Product | Version |
---|---|---|
zte | zxr10_1800-2s_firmware | 𝑥 < 6.00.10 |
zte | zxr10_2800-4_firmware | 𝑥 < 6.00.10 |
zte | zxr10_3800-8_firmware | 𝑥 < 6.00.10 |
zte | zxr10_160_firmware | 𝑥 < 6.00.10 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-269 - Improper Privilege ManagementThe software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
- CWE-521 - Weak Password RequirementsThe product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.