All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address.
References
Link | Resource |
---|---|
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008582 | Vendor Advisory |
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008582 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 03:06
Type | Values Removed | Values Added |
---|---|---|
References | () http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008582 - Vendor Advisory |
Information
Published : 2017-10-19 21:29
Updated : 2024-11-21 03:06
NVD link : CVE-2017-10933
Mitre link : CVE-2017-10933
CVE.ORG link : CVE-2017-10933
JSON object : View
Products Affected
zte
- zxdt22_sf01
- zxdt22_sf01_firmware
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')