Vulnerabilities > CVE-2018-7363 - Incorrect Authorization vulnerability in ZTE Zxhn F670 Firmware

CVSS 3.3 - LOW

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

low complexity

zte

CWE-863

NVD

Published: 2018-11-16

Updated: 2019-10-09

Summary

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials.

Vulnerable Configurations

Part	Description	Count
OS	Zte ZTE Zxhn F670 Firmware *	1
Hardware	Zte ZTE Zxhn F670 -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009383