Vulnerabilities > CVE-2023-25646 - Improper Preservation of Permissions vulnerability in ZTE Zxhn H388X Firmware 10.1Agzhm1.3.1

CVSS 6.4 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

high complexity

zte

CWE-281

NVD

Published: 2024-06-20

Updated: 2025-01-28

Summary

There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking,attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific operations.

Vulnerable Configurations

Part	Description	Count
OS	Zte ZTE Zxhn H388X Firmware 10.1_Agzhm_1.3.1	1
Hardware	Zte ZTE Zxhn H388X -	1

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

References

https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035844
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035844