Vulnerabilities > CVE-2018-7363 - Incorrect Authorization vulnerability in ZTE Zxhn F670 Firmware

CVSS 8.8 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

zte

CWE-863

NVD

Published: 2018-11-16

Updated: 2024-11-21

Summary

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials.

Vulnerable Configurations

Part	Description	Count
OS	Zte ZTE Zxhn F670 Firmware -	1
Hardware	Zte ZTE Zxhn F670 -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009383
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009383