Vulnerabilities > CVE-2018-7364 - Unspecified vulnerability in ZTE Zxin10 Resv1.01.43

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

zte

critical

NVD

Published: 2018-12-07

Updated: 2023-03-01

Summary

All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges.

Vulnerable Configurations

Part	Description	Count
Application	Zte ZTE Zxin10 Resv1.01.43	1

References

http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943
https://github.com/orangecertcc/security-research/security/advisories/GHSA-34f2-7h57-rg7p
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943