Permission And Access Control Vulnerability in ZTE ZXMP M721

Original release date:  May 12, 2022

 

CVE ID

CVE-2022-23139

 

CVSS 3.1 Base Score 

Low 2.7 (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)

 

Description 

ZTE's ZXMP M721 product has a permission and access control vulnerability. The folder permission shown over sftp is 666, which is inconsistent with the actual permission. It is easy for users to overlook changing the file permission configuration, so low-authority accounts could actually obtain higher operating permissions on key files.
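The mismatch described above can be checked by comparing the mode an SFTP long listing displays with the mode read on the system itself. The following is an added example, not ZTE's code or output from the product; the file names, the listing lines and the "actual" modes are constructed, and the function names are hypothetical.

```python
# Added example: constructed data, not output from a ZXMP M721.

def mode_from_listing(line):
    """Return (permission bits, name) parsed from one `ls -l` style line,
    the format an SFTP client prints for a long listing."""
    fields = line.split(None, 8)
    perms, name = fields[0], fields[8]
    bits = 0
    for i, ch in enumerate(perms[1:10]):
        # r/w/x set the bit; lowercase s/t mean "execute plus special bit"
        if ch in "rwxst":
            bits |= 1 << (8 - i)
    return bits, name


def audit(listing_lines, actual_modes):
    """Compare displayed modes with modes read on the device itself.

    actual_modes maps name -> real permission bits (assumed to come from a
    trusted source such as `stat` run locally on the device).
    Returns (name, shown, actual, extra) for each mismatch, where `extra`
    holds the bits that are really granted but not displayed.
    """
    findings = []
    for line in listing_lines:
        shown, name = mode_from_listing(line)
        actual = actual_modes.get(name)
        if actual is not None and shown != actual:
            findings.append((name, shown, actual, actual & ~shown))
    return findings


# Constructed sample: an SFTP long listing and the modes seen locally.
SFTP_LISTING = [
    "drw-rw-rw-    2 root     root         4096 May 12  2022 cfg",
    "-rw-r-----    1 root     root          512 May 12  2022 key.dat",
]
ACTUAL_MODES = {"cfg": 0o777, "key.dat": 0o640}

if __name__ == "__main__":
    for name, shown, actual, extra in audit(SFTP_LISTING, ACTUAL_MODES):
        print(f"{name}: sftp shows {shown:o}, actual {actual:o}, "
              f"undisplayed bits {extra:o}")
```

A non-zero `extra` value marks an entry where more access is really granted than the listing suggests, which is the case to review first.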

 

Affected Products and Fixes

Product Name | Affected Version | Resolved Version
ZXMP M721 | V5.10.030.006 | V5.10.033.001

 

Source

The vulnerability was found by ZTE's internal test.

 

Update Records

May 12, 2022, initial.

 

Version Update Method

Please contact ZTE Global Customer Support Center to obtain the upgraded version.

 

Global Customer Support Center

http://support.zte.com.cn/support/web/Contact.aspx?_langType=en

 

ZTE PSIRT

https://www.zte.com.cn/global/cybersecurity/ztepsirt.html
