CVE-2022-23135

There is a directory traversal vulnerability in some home gateway products of ZTE. Due to the lack of verification of user modified destination path, an attacker with specific permissions could modify the FTP access path to access and modify the system path contents without authorization, which will cause information leak and affect device operation.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zte:zxhn_f677_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxhn_f677:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:zte:zxhn_f477_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxhn_f477:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:48

Type Values Removed Values Added
References () https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1023444 - Vendor Advisory () https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1023444 - Vendor Advisory

08 Mar 2022, 17:07

Type Values Removed Values Added
CPE cpe:2.3:h:zte:zxhn_f477:-:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxhn_f677_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:zte:zxhn_f477_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxhn_f677:-:*:*:*:*:*:*:*
CWE CWE-22
References (MISC) https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1023444 - (MISC) https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1023444 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 5.5
v3 : 6.5

24 Feb 2022, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-02-24 19:15

Updated : 2024-11-21 06:48


NVD link : CVE-2022-23135

Mitre link : CVE-2022-23135

CVE.ORG link : CVE-2022-23135


JSON object : View

Products Affected

zte

  • zxhn_f477_firmware
  • zxhn_f677
  • zxhn_f477
  • zxhn_f677_firmware
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')