Vulnerabilities > CVE-2022-23139 - Incorrect Authorization vulnerability in ZTE Zxmp M721 Firmware 5.10.030.006

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

zte

CWE-863

NVD

Published: 2022-05-12

Updated: 2024-11-21

Summary

ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files.

Vulnerable Configurations

Part	Description	Count
OS	Zte ZTE Zxmp M721 Firmware 5.10.030.006	1
Hardware	Zte ZTE Zxmp M721 -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1024444