Vulnerabilities > CVE-2022-23139 - Incorrect Authorization vulnerability in ZTE Zxmp M721 Firmware 5.10.030.006

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

zte

CWE-863

NVD

Published: 2022-05-12

Updated: 2022-05-23

Summary

ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files.

Vulnerable Configurations

Part	Description	Count
OS	Zte ZTE Zxmp M721 Firmware 5.10.030.006	1
Hardware	Zte ZTE Zxmp M721 -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444