Vulnerabilities > CVE-2022-39070 - Unspecified vulnerability in ZTE Zxa10 C300M Firmware and Zxa10 C350M Firmware

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

zte

critical

NVD

Published: 2022-11-22

Updated: 2022-11-28

Summary

There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation.

Vulnerable Configurations

Part	Description	Count
OS	Zte ZTE Zxa10 C350M Firmware * ZTE Zxa10 C300M Firmware *	2
Hardware	Zte ZTE Zxa10 C350M - ZTE Zxa10 C300M -	2

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1027824